A mighty fortress is our PKI

Jay Sakata jay at edgecast.com
Mon Jul 26 21:14:21 EDT 2010


I was very interested to read Peter's analysis of shared SAN certificates. While 
we offer dedicated certificates, the shared certificates we offer enable us to 
conserve IPv4 space while helping customers lower costs. We've tested and 
analyzed these shared certificates extensively and in a wide variety of 
scenarios, and we believe they are just as secure as dedicated certificates.

It's also important to note that we operate edge proxies that merely sit between 
our customers' origin servers (which have an SSL certificate of their choosing) 
and the end users. We do not run programs or scripts on our edge servers on 
behalf of customers; when end users are posting content back to the origin, we 
are merely a gateway.

Conserving IPv4 space is very important to us - it is responsible 'net 
citizenship. And helping our customers manage costs is good corporate 
citizenship. But we will absolutely not compromise security in the pursuit of 
either of these goals; our customers' security is paramount.

Of course, security is a journey and not a destination, and we are constantly 
striving to further improve ours. A significant part of that process means 
learning from communities like this one. Therefore, if anyone is aware of any 
specific vulnerability - whether with our network or with these shared 
certificates - I hope you will notify us immediately at security+at+edgecast.com 
so we can take whatever actions necessary to protect our customers, their 
customers, and the network as a whole.

You are also welcome to contact me directly at +1 310 396 7400.

A more secure Internet is in everyone's best interest, and I always stand ready 
to make sure we are doing our part.

Jay Sakata
CTO
EdgeCast Networks

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list