Re: Remembering Passwords in IE

[Hal.Lockhart () STORAGENETWORKS COM (Hal Lockhart)]

I suspect that anybody who charges by the cert is not going to want to issue
you a wildcard cert instead of multiples.

Hal

===========================================================
Harold W. Lockhart Jr.             StorageNetworks, Inc.
Voice: 781-434-6741                100 Fifth Avenue
Fax:   781-434-6799                Waltham, MA 02451
hal.lockhart () storagenetworks com   www.storagenetworks.com
===========================================================

> The hostname->subject common name check isn't optional (or shouldn't
> be and doesn't appear to be on NS and IE5), but both browsers
> support the use of a '*' wildcard to allow matching multiple
> machines in a single domain.
>
> So a certificate issued to *.example.com would pass the name
> check for www.example.com, test.example.com, and rogue.example.com.
> The version 4 browsers (I haven't tried this lately) would
> allow the * to be used to mask out larger namespaces (e.g.,
> *.com). I don't remember, but it seems that one or more
> browsers allowed a common name of '*' to match any domain name.
>
> In practice, the rogue use of this feature (e.g., getting a
> cert issued to '*' rather than '*.example.com') is supposed to
> be prevented by diligent Certification Authorities.  Are all
> the issuing CAs under these 107 trusted root CAs that ship
> with IE5 applying this diligence? Your guess is as good as mine.