Re: security for website

From: Alun Jones (alun@texis.com)
Date: 06/28/02


From: alun@texis.com (Alun Jones)
Date: Fri, 28 Jun 2002 21:18:19 GMT

In article <afhjhl$ig1$1@aquila.mdx.ac.uk>, david20@alpha2.mdx.ac.uk wrote:
>You can have a wildcarded certificate, i.e. a certificate
>for *.mydomain.com would cover both
..
>You can also have certificates supporting the new v3 subjectAltName extension
>of RFC 2459 where you can explicitly state
..
>The problems with these are support. For instance Microsoft's IE supports
>subjectAltName but Netscape and Mozilla currently don't.
>The other problem is finding a certificate authority willing to sign such
>certificates. Commercially it makes more sense for the CA to charge you for
>separate certificates.

There is a proposal under way in the IETF drafts for an extension to the SSL
"ClientHello" exchange, wherein the client can specify the _name_ of the
entity it's asking to connect to, allowing the server to pick and choose its
particular certificate. I like the sound of this idea, but as with most IETF
drafts, there's a long wait between suggestion and widespread implementation.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

-- 
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.
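
Added example, not part of the original post: the ClientHello extension described above was later standardized as the TLS server_name extension (SNI), and this sketch shows a server reading the requested name from a ClientHello and choosing a certificate by it. The host names, certificate labels and function names are assumptions made for illustration, and the ClientHello bytes are constructed in the code rather than captured.

```python
import struct

# Constructed certificate table; host names and labels are assumptions.
CERTS = {"www.mydomain.com": "cert-www", "mail.mydomain.com": "cert-mail"}
DEFAULT_CERT = "cert-default"  # served when the client sends no known name

def build_client_hello(hostname=None):
    """Build a constructed ClientHello handshake message (no record layer)."""
    body = b"\x03\x01" + bytes(32)           # client_version, random
    body += b"\x00"                          # empty session_id
    body += b"\x00\x02\x00\x2f"              # one cipher suite
    body += b"\x01\x00"                      # null compression
    if hostname is not None:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry            # ServerNameList
        ext = struct.pack("!HH", 0, len(sni)) + sni            # extension 0 = server_name
        body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body

def parse_sni(msg):
    """Return the requested host name, or None; ValueError on malformed input."""
    if len(msg) < 4 or msg[0] != 1 or 4 + int.from_bytes(msg[1:4], "big") != len(msg):
        raise ValueError("not a well-formed ClientHello")
    pos, end = 4 + 2 + 32, len(msg)          # skip header, version, random
    def take(width):                         # read one length-prefixed vector
        nonlocal pos
        n = int.from_bytes(msg[pos:pos + width], "big")
        if pos + width + n > end:
            raise ValueError("truncated ClientHello")
        data = msg[pos + width:pos + width + n]
        pos += width + n
        return data
    take(1), take(2), take(1)                # session_id, cipher_suites, compression
    exts = take(2) if pos < end else b""     # extensions block is optional
    i = 0
    while i + 4 <= len(exts):
        etype, elen = struct.unpack_from("!HH", exts, i)
        data = exts[i + 4:i + 4 + elen]
        i += 4 + elen
        if etype == 0:                       # server_name extension
            if len(data) < 5 or data[2] != 0 or 5 + int.from_bytes(data[3:5], "big") > len(data):
                raise ValueError("malformed server_name")
            return data[5:5 + int.from_bytes(data[3:5], "big")].decode("ascii").lower()
    return None

def select_certificate(msg):
    """Pick the certificate for the name in the ClientHello, else the default."""
    return CERTS.get(parse_sni(msg), DEFAULT_CERT)
```

A client that omits the extension gets the default certificate, which is the behaviour that forced one certificate per IP address before the extension existed.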


