Re: security for website

From: Alun Jones (
Date: 06/28/02

From: (Alun Jones)
Date: Fri, 28 Jun 2002 21:18:19 GMT

In article <afhjhl$ig1$>, wrote:
>You can have a wildcarded certificate, i.e. a certificate
>for * would cover both
>You can also have certificates supporting the new v3 subjectAltName extension
>of RFC 2459 where you can explicitly state
>The problems with these are support. For instance Microsoft's IE supports
>subjectAltName but Netscape and Mozilla currently don't.
>The other problem is finding a certificate authority willing to sign such
>certificates. Commercially it makes more sense for the CA to charge you for
>separate certificates.

There is a proposal under way in the IETF drafts for an extension to the SSL
"ClientHello" exchange, wherein the client can specify the _name_ of the
entity it's asking to connect to, allowing the server to pick and choose its
particular certificate. I like the sound of this idea, but as with most IETF
drafts, there's a long wait between suggestion and widespread implementation.


[Please don't email posters, if a Usenet response is appropriate.]
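
The ClientHello extension proposed in the drafts mentioned above was later standardized as the TLS server_name extension (SNI). The following is an added example, not part of the original post: it reads the requested name from a constructed ClientHello and selects a certificate, falling back to a wildcard entry like the one in the quoted text. The function names, host names and certificate labels are assumptions made for illustration.

```python
import struct

def build_client_hello(host):
    """Constructed sample input: a minimal ClientHello carrying server_name."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
    data = struct.pack("!H", len(entry)) + entry               # ServerNameList
    exts = struct.pack("!HH", 0, len(data)) + data             # extension type 0
    body = (b"\x03\x01" + bytes(32) + b"\x00"                  # version, random, no session_id
            + b"\x00\x02\x00\x2f" + b"\x01\x00"                # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body       # handshake type 1

def requested_name(hello):
    """Return the host name the client asked for, or None if absent or malformed."""
    try:
        if hello[0] != 1:
            return None
        end = 4 + int.from_bytes(hello[1:4], "big")
        if end > len(hello):
            return None                                        # truncated message
        pos = 4 + 2 + 32                                       # skip header, version, random
        pos += 1 + hello[pos]                                  # session_id
        pos += 2 + struct.unpack_from("!H", hello, pos)[0]     # cipher_suites
        pos += 1 + hello[pos]                                  # compression_methods
        if pos + 2 > end:
            return None                                        # client sent no extensions
        end = min(end, pos + 2 + struct.unpack_from("!H", hello, pos)[0])
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", hello, pos)
            pos += 4
            if etype == 0 and pos + elen <= end:
                ntype, nlen = struct.unpack_from("!BH", hello, pos + 2)
                name = hello[pos + 5:pos + 5 + nlen]
                if ntype == 0 and len(name) == nlen and 5 + nlen <= elen:
                    return name.decode("ascii").lower()
                return None
            pos += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

def pick_certificate(name, certs, default):
    """Exact match first, then a one-label wildcard, else the server's default."""
    if name is None:
        return default
    _, _, parent = name.partition(".")
    return certs.get(name) or certs.get("*." + parent, default)
```

A client that sends no extension at all, which was every client when the post was written, gets the default certificate, so the server still needs a sensible fallback.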

