[SSL Observatory] Name constraints: a reasonable idea that hasn't panned out in practice
Erwann ABALEA
erwann at abalea.com
Fri Apr 22 16:48:12 PDT 2011
A self-reply, sorry...
2011/4/23 Erwann ABALEA <erwann at abalea.com>:
> DANE (or similar), on the contrary, can be a good solution, for DV
> certificates. Obviously DV certs are still selling well, so DANE has
> some future. Unfortunately for my employer, because it could allow
> anybody to have its own CA, and produce its own certificates, and they
> won't produce any warning, and they'll probably be produced with awful
> practices. Classic human behavior, but still bad :)
That means DV certificates won't sell as well, of course. They'll
still be widely used, but some of them (I won't speculate on how many
of them) will be self-produced.
--
Erwann.
More information about the Observatory
mailing list