> Practically speaking, certs are required for each different
> domain name. There is supposed to be some wildcarding
> in place such that *.mydomain.com is covered, but it doesn't
> work so well, apparently.
I think the reasons for avoiding wildcard certs are more often organizational or risk-related than technical. Often different business units will run foo.example.com and bar.example.com, and getting these units to cooperate or coordinate might not be easy. Also, wildcard certs are bad news from a compartmentalization standpoint. If you have multiple services using a wildcard cert and any one of them is compromised, the bad guy can masquerade as any host in the domain instead of just the compromised one.

_______________________________________________
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security
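The two points above (wildcard matching being narrower than people expect, and a shared wildcard cert widening the blast radius of one compromised host) can be made concrete with a small inventory check. The following is an added example, not code from either poster: it implements the RFC 6125 rule that `*` may only stand for exactly one left-most label, then computes, for a constructed set of hosts, which other hosts a given host's private key could be used to impersonate under a per-host deployment versus a shared `*.example.com` deployment. All host names and the `PER_HOST`/`WILDCARD` maps are constructed sample data.

```python
"""Wildcard certificate matching and blast-radius inventory (added example)."""
from typing import Dict, List, Set


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name `pattern` covers `hostname`.

    Follows the RFC 6125 rules: comparison is case-insensitive, a wildcard
    is only honoured as the complete left-most label, it matches exactly
    one label (so *.example.com does not cover a.b.example.com or
    example.com), and a wildcard over a public suffix such as *.com is
    rejected.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]  # ".example.com"
    if suffix.count(".") < 2:  # "*.com": refuse overly broad wildcards
        return False
    if not hostname.endswith(suffix):
        return False
    left = hostname[: -len(suffix)]
    # exactly one non-empty label may stand in for the "*"
    return bool(left) and "." not in left


def impersonable_hosts(deployments: Dict[str, List[str]],
                       hosts: List[str], compromised: str) -> Set[str]:
    """Hosts whose identity the key of `compromised` can assert.

    `deployments` maps each host to the names present on the certificate
    it serves (and therefore holds the private key for). Any host whose
    name is matched by one of those names is impersonable if that key
    leaks.
    """
    names = deployments[compromised]
    return {h for h in hosts if any(wildcard_matches(n, h) for n in names)}


def blast_radius(deployments: Dict[str, List[str]],
                 hosts: List[str]) -> Dict[str, int]:
    """For every host, how many hosts its certificate key could impersonate."""
    return {h: len(impersonable_hosts(deployments, hosts, h)) for h in hosts}


# Constructed sample inventory for the example.
HOSTS = [
    "foo.example.com",
    "bar.example.com",
    "mail.example.com",
    "dev.foo.example.com",
    "example.com",
]
# Each host carries a certificate for its own name only.
PER_HOST = {h: [h] for h in HOSTS}
# Every host carries the same wildcard certificate.
WILDCARD = {h: ["*.example.com"] for h in HOSTS}

if __name__ == "__main__":
    for label, deployment in (("per-host", PER_HOST), ("wildcard", WILDCARD)):
        print(label, blast_radius(deployment, HOSTS))
```

Running the block shows the compartmentalization argument directly: under `PER_HOST` every host has a blast radius of 1, while under `WILDCARD` a compromise of `foo.example.com` also yields `bar.example.com` and `mail.example.com`, but not `dev.foo.example.com` or the bare `example.com`, which the single-label rule leaves uncovered. The same functions can be pointed at a real inventory by filling `deployments` from the subjectAltName entries of each host's certificate.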