Eddy Nigg (StartCom Ltd.) wrote: > Issuing certificates which claim to be validated without such vetting > ever having performed is tantamount to KNOWINGLY and WILLINGLY > contribute to a possible fraud. I claim that issuing wild card > certificates without proper vetting as described above equals the same.
I don't have much to add to Nelson's comments, so I'm just going to summarize my opinion on the issue of wildcard certs and domain validation: Your points about the potential for fraud are well-taken, as is your point about having an identified entity to pursue in the event of fraud. However as I see it these points apply equally as well to vanilla DV certs (i.e., for a single domain name) as they do to wildcard DV certs. When we created our CA policy the rough consensus was that DV certs have a valid place in the grand scheme of things. Given that, I think wildcard DV certs are just as valid. Such certs may not be suitable for legitimate ecommerce purposes, but that's what EV certs are for. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
