Hello William:
You always seem to give me interesting issues to think about.
You are right.. Entrust does not issue a wildcard certificate.
There is some hesitance in the industry to embrace wildcard certificates
because they encourage the practice of sharing certificates. Sharing a
certificate results in a potential breach of security and diminishes the
professionalism of a site.
Based on your input I have explored the Entrust and Equifax CPS with regard
to trademarks and did a compare and contrast. Although I think the term
'scary' is a little overstated, Entrust does retain broader powers with
respect to tradmark infringement than Equifax. I suspect that this stems out
of their history with regard to servicing Fortune500 companies. I will take
up this issue with Entrust directly.
I will let you know the outcome.
Regards
Darryl Green
[EMAIL PROTECTED]
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of William X. Walsh
> Sent: Wednesday, April 11, 2001 1:18 AM
> To: Jennifer
> Cc: [EMAIL PROTECTED]
> Subject: Re: Certs
>
>
> Hello Jennifer,
>
> Tuesday, April 10, 2001, 9:20:39 PM, Jennifer wrote:
>
> > I have a few questions.
>
> > 1) I just went to https://certs.tucows.com/ and my browser Netscape 4.7
> > said that it did not recognize the authority that signed the
> certificate.
> > Netscape 4.7 is still widely used. I thought that the Certs
> were going to
> > be backwards compatible?
>
> This is probably a configuration issue on the server, the CA cert
> chain has to be loaded and configured on that host's configuration for
> it to avoid that error. (I'm guessing here based on experience with
> Equifax's certs which work similarly)
>
> > 4) Can we now or we will be able to in the future get wild card
> Certs? So
> > that I can use one Cert for any number of sub-domains?
>
> I looked on Entrust's own site, and don't see wildcard certs offered.
> I don't think Verisign offers them either (well they do through Thawte
> still, but I imagine that will go very soon since that was in place
> before the acquisition). Purely guessing here, but from what I see
> with regard to Entrust's excessive policies, I would be really
> surprised to see them offer a wildcard cert.
>
> Entrust has some rather scary policies with regard to trademarks also,
> which could result in a trademark holder being able to get a domain
> holder's cert revoked under a policy that doesn't take into account
> whether the trademark holder would likely to win if the case were in
> court. Personally, I don't think a CA has any business dealing with
> trademark/name issues at all.
>
> Equifax's CPS seems much more inline with that thinking than Entrust's
> is.
>
>
> Let me make sure that I am making clear that I am not criticizing
> Tucows or their cert division on this, they are pretty much strictly a
> marketing group, the policies in question are the sole
> fault/responsibility of the supplier, in this case Entrust, whom I
> find leaves much to be desired in the way of policies and other
> issues. Tucows has and is working hard to provide something that most
> of us asked for. I just think this particular supplier leaves a lot
> to tbe desired, much like I think the .tv registry does.
>
> --
> Best regards,
> William mailto:[EMAIL PROTECTED]
>
>
