[cabfpub] Ballot 92 reviewed
Steve Roylance
steve.roylance at globalsign.com
Wed Oct 31 14:54:22 UTC 2012
Hi Eddy,
Indeed, that's correct and this is my main concern. As I've said on
previous posts my intention is not diving into the security aspect here but
providing clear information to users about todays reality. The security
guard who holds 10 keys to open 10 locks or one skeleton key that also opens
the same ten locks brings up interesting points of discussion, but what I'm
trying to identify here is to let people know there's a security guard at
all. Whether he's the owner of all of the keys and locks or is acting on
behalf of separate owners is what the Ballot tries to offer.
IPv6, SNI etc will eventually slow the rate/need for multi dimensional,
multi owner certificates and hopefully also increase the adoption rate of
simple domain validated certificates.
With Ryan's help I'm going to create a few real life examples to illustrate
the points that everyone is confused about. Hopefully by tomorrow, but if
not then by Friday.
Steve
From: Eddy Nigg <eddy_nigg at startcom.org>
Organization: StartCom Ltd.
Date: Tuesday, 30 October 2012 20:27
To: "public at cabforum.org" <public at cabforum.org>
Subject: Re: [cabfpub] Ballot 92 reviewed
On 10/30/2012 08:48 PM, From kirk_hall at trendmicro.com:
>
> My other question was, what is the difference between 10 DV certs (each for a
> single domain) where domain control was proved for each with a single
> customer, versus a DV SANs cert with the same 10 domains inside, where domain
> control was proved for each with a single customer?
>
I noted previously that current UIs clearly show the domain name (common
name?) prominently. You know (even if only by proxy) who has the private key
(that of the domain).
But Steve might have even more reasons.
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
_______________________________________________ Public mailing list
Public at cabforum.org https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20121031/ae57889a/attachment-0004.html>
More information about the Public
mailing list