browser vendors and CAs agreeing on high-assurance certificates

Ben Laurie ben at algroup.co.uk
Sat Dec 24 05:58:33 EST 2005


Ian G wrote:
> 
>> BTW, illustrating points made here, the cert is for
>> financialcryptography.com
>> but your link was to www.financialcryptography.com.  So of course Firefox
>> generated a warning....
> 
> Indeed.... and even if that gets fixed we still have
> to contend with:
> 
>   * the blog software can't handle the nature of a
>     TLS site (internal problems like non-working
>     trackbacks, internal links, posts, ...)
>   * the cert has to be shared with 3 other sites
>   * Firefox will still warn about it being a CAcert
>     signed certificate
>   * ...  I'm sure there's more.
> 
> Hopefully over the next year, the webserver (Apache)
> will be capable of doing the TLS extension for sharing
> certs so then it will be reasonable to upgrade.

In fact, I'm told (I'll dig up the reference) that there's an X509v3
extension that allows you to specify alternate names in the certificate.
I'm also told that pretty much every browser supports it.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/
**  ApacheCon - Dec 10-14th - San Diego - http://apachecon.com/ **
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
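
Added example, not part of the original post or of any browser's code: a sketch of how a TLS client decides whether a certificate covers the requested host, showing why the certificate for financialcryptography.com triggers a warning on www.financialcryptography.com and how subjectAltName dNSName entries let one certificate serve several names. The certificate dictionaries and the `site-b.example` / `site-c.example` names are constructed, and the wildcard policy is an assumed conservative one.

```python
# Added illustration (not from the post): host-to-certificate name matching.
# The certificate dicts are constructed samples, not parsed X.509.

def dns_name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against the host the client asked for."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Assumed conservative policy: '*' must be the whole left-most label,
        # covers exactly one label, and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert: dict, host: str) -> bool:
    """Use subjectAltName dNSName entries when present; fall back to the
    subject CN only when the certificate carries none (RFC 2818 behaviour)."""
    names = cert["san_dns"] or [cert["cn"]]
    return any(dns_name_matches(name, host) for name in names)


# Constructed sample: a certificate naming only the bare domain in its CN.
CN_ONLY = {"cn": "financialcryptography.com", "san_dns": []}

# Constructed sample: the same certificate shared across sites via SAN entries.
SHARED = {
    "cn": "financialcryptography.com",
    "san_dns": [
        "financialcryptography.com",
        "www.financialcryptography.com",
        "site-b.example",   # placeholder for another site on the same cert
        "site-c.example",   # placeholder for another site on the same cert
    ],
}

if __name__ == "__main__":
    hosts = ("financialcryptography.com", "www.financialcryptography.com",
             "site-b.example")
    for label, cert in (("CN only", CN_ONLY), ("with SAN", SHARED)):
        for host in hosts:
            verdict = "ok" if cert_covers(cert, host) else "name mismatch"
            print(f"{label:9} {host:32} {verdict}")
```

Once any dNSName entry is present the CN no longer counts, so the bare domain has to be listed in the SAN extension alongside the `www` name.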


