Nelson Bolyard wrote:
[...]
Wildcards are not an essential part of this attack. They merely were a
convenience for this demonstration, but the attack could have been done
without using a wildcard cert. Even eliminating wildcard certs altogether
would not stop this attack.
This being said :
On 02/23/2009 02:35 PM, Jean-Marc Desperrier:
- I don't expect there will be any effort to try to stop CA from issuing
dangerous wildcard certificates, since it won't solve the problem at large.
This isn't the cure of the problem, wild cards are very useful! The
problem is the validation