CA/Forbidden or Problematic Practices: Difference between revisions

Jump to navigation Jump to search

CA/Forbidden or Problematic Practices (view source)

Revision as of 08:28, 1 May 2017

774 bytes removed ,  1 May 2017
Remove "Wildcard DV SSL Certificates" as agreed in m.d.s.p.
(Update "Allowing External Entities to Operate Subordinate CAs" with new wording by Kathleen)
(Remove "Wildcard DV SSL Certificates" as agreed in m.d.s.p.)
Line 10: Line 10:


Some CAs issue DV SSL certificates that have expiration times several years in the future. This increases the time during which the possibility of such an attack exists.
Some CAs issue DV SSL certificates that have expiration times several years in the future. This increases the time during which the possibility of such an attack exists.
== Wildcard DV SSL Certificates ==
Some CAs issue domain-validated SSL certificates that can function as wildcard certificates, e.g., a certificate for *.example.com where the CA verifies only ownership and control of the example.com domain, and the certificate subscriber can then use the certificate with any site foo.example.com, bar.example.com, etc. This means that a subscriber could establish malicious SSL-protected web site that are deliberately named in imitation of legitimate sites, e.g., paypal.example.com, without knowledge of the CA. Concerns have been expressed that wildcard SSL certificates should not be issued except to subscribers whose actual identity has been validated with organizational validation (OV). (There are no EV wildcard certificates.)


== Email Address Prefixes for Domain Ownership Validation ==
== Email Address Prefixes for Domain Ownership Validation ==
Gerv
Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1169764"

Navigation menu