Wildcards are not permitted in the new Extended Validation certificates.

> -----Original Message-----
> From: Jeffrey Hutzelman [mailto:jhutz@xxxxxxx]
> Sent: Wednesday, March 07, 2007 7:59 PM
> To: Hallam-Baker, Phillip; ietf@xxxxxxxx
> Cc: Jeffrey Hutzelman
> Subject: RE: NATs as firewalls
>
> On Wednesday, March 07, 2007 04:23:20 PM -0800 "Hallam-Baker, Phillip"
> <pbaker@xxxxxxxxxxxx> wrote:
>
> > We do need to revise the architecture description. Using IP addresses
> > as implicit signalling
>
> You keep using that word. I do not think it means what you
> think it means.
>
> > Another instance that hit me today is the fact that existing SSL
> > implementations use the server IPv4 address to select which server
> > certificate to present to a client.
>
> No; existing SSL server implementations assume that only one
> certificate is relevant for any given transport endpoint.
> Which, for the vast majority of uses, would not be that big a
> deal except that a certain vendor which dominates the
> well-known-CA market(*) sees a revenue opportunity in
> wildcard certificates, much as ISP's see a revenue
> opportunity in residential customers who need multiple
> non-NAT'd addresses.
>
> (*) To be fair, pretty much _every_ vendor does this.
>
> -- Jeff

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf