A mighty fortress is our PKI
Jay Sakata
jay at edgecast.com
Mon Jul 26 21:14:21 EDT 2010
I was very interested to read Peter's analysis of shared SAN certificates. While
we offer dedicated certificates, the shared certificates we offer enable us to
conserve IPv4 space while helping customers lower costs. We've tested and
analyzed these shared certificates extensively and in a wide variety of
scenarios, and we believe they are just as secure as dedicated certificates.
It's also important to note that we operate edge proxies that merely sit between
our customers' origin servers (which have an SSL certificate of their choosing)
and the end users. We do not run programs or scripts on our edge servers on
behalf of customers; when end users are posting content back to the origin, we
are merely a gateway.
Conserving IPv4 space is very important to us - it is responsible 'net
citizenship. And helping our customers manage costs is good corporate
citizenship. But we will absolutely not compromise security in the pursuit of
either of these goals; our customers' security is paramount.
Of course, security is a journey and not a destination, and we are constantly
striving to further improve ours. A significant part of that process means
learning from communities like this one. Therefore, if anyone is aware of any
specific vulnerability - whether with our network or with these shared
certificates - I hope you will notify us immediately at security+at+edgecast.com
so we can take whatever actions necessary to protect our customers, their
customers, and the network as a whole.
You are also welcome to contact me directly at +1 310 396 7400.
A more secure Internet is in everyone's best interest, and I always stand ready
to make sure we are doing our part.
Jay Sakata
CTO
EdgeCast Networks
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list