Likely in violation of their agreement when they purchased the
certificate....
... and the fact that "shared SSL" is widely done does not make it the right
thing to do.
-----Original Message-----
From: William X Walsh
Sent: Wednesday, August 22, 2001 1:39 PM
To: Lynn W. Taylor
Cc: INTERNET@BCN {[EMAIL PROTECTED]}
Subject: RE: How do webcerts work with virtual hosts?
Wednesday, Wednesday, August 22, 2001, 8:53:54 AM, Lynn W. Taylor wrote:
> In my opinion "users don't care" isn't a reason to subvert the original
> purpose.
> Someday, it will come back to haunt us.
I doubt it. The largest hosting services in the business have been
using a single cert and providing "shared" ssl service to their
customers in the form of
https://servername.securesite.com/customername/
for many many years (at least as far back as early 1996 that I can
verify on the spur of the moment) and no dire consequences has
happened. This is really no different, since the certificate holder
is not in fact the merchant or site operator.
You will note that all of the CAs specifically disclaim any
legal responsibility for verifying the identity of the certificate
holder. Not a single one backs up their certificates with any kind of
a guarantee on the identity of the certificate holder.
--
Best regards,
William X Walsh <[EMAIL PROTECTED]>
Userfriendly.com Domains
The most advanced domain lookup tool on the net
DNS Services from $1.65/mo
