> > Not quite inherent -- if you verify against a SubjectAltName dNSName > > you can decide the certificate is valid for many domains. > > > Yes, this is true in theory, but I want to know how you're going > to get VeriSign to issue you a certificate with subjectAltNames > corresponding to a bunch of unrelated domains. And remember ... Ah, that. Well, we live in different PK worlds. Yours is much larger and more congruent to plaent earth. Mine is a bunch of science labs and universities that nearly know each other.