Wildcard Certs
Pete Chown
Pete.Chown at skygate.co.uk
Tue Jun 17 04:57:24 EDT 2003
martin f krafft wrote:
> This strikes me as notoriously bad, although it is in accordance
> with the RFC. I still don't want to accept the usefulness and
> inherent security, so I'd like to get some expert opinions on this.
>
> Are wildcard certficates good? secure? useful?
I think this is one of the cases where security can't be considered in
isolation. It depends what risks you are trying to protect against. In
a large company you might want to limit the effects of a key compromise.
For example you might want to make sure that someone who steals the UK
key can't masquerade as the American office.
I can't see any generalised threats that would justify withdrawing
wildcard certs, but perhaps others can.
--
Pete
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list