On Saturday, 22 April 2017 02:24:50 UTC+1, Matt Palmer wrote:
> Can you remind me (and the list) what specific instances you're referring
> to?

I was thinking of things like the GoDaddy incident reported in January, where they had mistakenly been accepting HTTP 404s to validate a domain, or the 2016 Comodo "re-dressing" attack, where a bad guy could arrange for your contact to get emails from Comodo saying they need to click a button to prevent an SSL certificate being issued, but actually clicking will cause it to be issued to the attacker...

In such cases bad guys can get a wildcard rather than validation just for one affected name, and that makes their life much easier.

Going further back, DigiNotar was made worse by the certificate being issued for *.google.com, not to say it wasn't bad enough to have bad guys essentially issuing whatever they wanted from a trusted CA.

Also, whenever we see people blaming the issuer for phishing sites protected by SSL, a wildcard would of course let its subscriber create any number of phishing sites, without any oversight of the names used prior to issuance. I happen to think that's fine, but it wouldn't even be a factor without wildcards.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy