[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re[2]: [cobalt-security] self signed certificate warnings
- Subject: Re: Re[2]: [cobalt-security] self signed certificate warnings
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Thu, 21 Feb 2002 19:34:05 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
"Eugene Crosser" <crosser@xxxxxxxxxxx> wrote:
> There are no "rules" on this matter; and common sense
> says that if your company gets a second level domain and
> CA certifies that it's yours, any subdomains of this
> second level domain should automatically be considered
> yours too. So this is not dangerous but logical behavior.
The bulk of the time this is true. But it's not always true. I have
several second level domains which I allow others to setup third level
domains on. Some of the sites are hosted on servers I control, some are
not. There are a lot of domains being used in this way. Think vanity
domains. Think soureforge.com. If the CA made the assumption that the org
controlling the third or fourth level was the same as the org controlling
the second level, the CA will be wrong some percentage of the time.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/