Hello Jennifer,
Tuesday, April 10, 2001, 9:20:39 PM, Jennifer wrote:
> I have a few questions.
> 1) I just went to https://certs.tucows.com/ and my browser Netscape 4.7
> said that it did not recognize the authority that signed the certificate.
> Netscape 4.7 is still widely used. I thought that the Certs were going to
> be backwards compatible?
This is probably a configuration issue on the server, the CA cert
chain has to be loaded and configured on that host's configuration for
it to avoid that error. (I'm guessing here based on experience with
Equifax's certs which work similarly)
> 4) Can we now or we will be able to in the future get wild card Certs? So
> that I can use one Cert for any number of sub-domains?
I looked on Entrust's own site, and don't see wildcard certs offered.
I don't think Verisign offers them either (well they do through Thawte
still, but I imagine that will go very soon since that was in place
before the acquisition). Purely guessing here, but from what I see
with regard to Entrust's excessive policies, I would be really
surprised to see them offer a wildcard cert.
Entrust has some rather scary policies with regard to trademarks also,
which could result in a trademark holder being able to get a domain
holder's cert revoked under a policy that doesn't take into account
whether the trademark holder would likely to win if the case were in
court. Personally, I don't think a CA has any business dealing with
trademark/name issues at all.
Equifax's CPS seems much more inline with that thinking than Entrust's
is.
Let me make sure that I am making clear that I am not criticizing
Tucows or their cert division on this, they are pretty much strictly a
marketing group, the policies in question are the sole
fault/responsibility of the supplier, in this case Entrust, whom I
find leaves much to be desired in the way of policies and other
issues. Tucows has and is working hard to provide something that most
of us asked for. I just think this particular supplier leaves a lot
to tbe desired, much like I think the .tv registry does.
--
Best regards,
William mailto:[EMAIL PROTECTED]
