
HTTPS



On 08/22/2013 05:25 PM, Adam Back wrote:

> 
> (I really don't think a browser vendor would accept *.com nor
> especially *. as a valid site cert wildcard.  It does get fiddly
> because you also want *.co.uk etc to be invalid but they have some
> built in tables of such things to differentiate a TLD from a
> domain).


About three years ago I looked at that code on WebOS (Palm smart
phones).  The code came from WebKit which is what Google's and Apple's
browsers were based on.

It did not accept *.com, certainly not *., and had some complex logic
to decide what to accept.  I doubt that Mozilla accepts *.com or *. as
well.

Few modern CAs issue certs with wildcards in the CN. Instead they use
the SubjectAlternateName extension which can have multiple entries,
reducing or eliminating the need for wildcards.

Eric
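
Added example, not part of the original message and not WebKit's or Mozilla's code: one way to express in Python the checks this thread discusses, rejecting `*.`, `*.com` and `*.co.uk` while accepting a wildcard under a registrable domain, and matching against several SubjectAltName-style entries. The suffix set is a constructed stand-in for the browsers' built-in tables, and all function names are hypothetical.

```python
# Constructed stand-in for a browser's built-in suffix table (assumption).
PUBLIC_SUFFIXES = {"com", "org", "net", "uk", "co.uk", "org.uk"}


def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop one trailing root dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def wildcard_pattern_ok(pattern: str) -> bool:
    """Decide whether a certificate name pattern is acceptable at all."""
    labels = _labels(pattern)
    if "" in labels:
        return False                      # empty label, e.g. "a..com"
    if not any("*" in label for label in labels):
        return True                       # plain host name, nothing to police
    # Strict policy chosen here: the wildcard must be the whole left-most label.
    if labels[0] != "*" or any("*" in label for label in labels[1:]):
        return False
    base = ".".join(labels[1:])
    # "*." leaves no base and "*.com" leaves a bare TLD.
    if len(labels) < 3:
        return False
    # "*.co.uk" has enough labels but still covers only a public suffix.
    return base not in PUBLIC_SUFFIXES


def matches(pattern: str, hostname: str) -> bool:
    """True if hostname is covered by pattern under the policy above."""
    if not wildcard_pattern_ok(pattern):
        return False
    p, h = _labels(pattern), _labels(hostname)
    if "" in h or len(p) != len(h):
        return False                      # "*" stands for exactly one label
    return all(pl == "*" or pl == hl for pl, hl in zip(p, h))


def cert_matches(names: list[str], hostname: str) -> bool:
    """Check a host against every name entry carried by a certificate."""
    return any(matches(name, hostname) for name in names)
```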