Gervase Markham wrote:
> Frank Hecker wrote:
>> In any case I'm surprised that more commercial CAs aren't supporting the
>> issuance of SSL certificates that handle some of these common situations.
>
> This may be partly because it's only recently that people figured out a
> compatible way through the maze of ten different possible ways to do
> this.

Gerv, I am quite surprised to see this criticism, coming from you.
AFAIK, there's *ONE* way, well defined in standard RFC 3280 in 4/2002,
to support multiple DNS names in a certificate. It's THE standard way.
It's supported by all the major browser products now, and has been for
at least 4 years.

> I seem to remember CACert.org's wiki having a page on it; they
> took months trying different options before settling on one that worked...

That can happen when one chooses trial-and-error (as opposed to reading
the standard RFC) as a means to find what works.

Being a "certification authority" necessitates being expert in the
standards on certificates (among other things). I should think that
wannabe CAs would not wish to publicly demonstrate their ignorance of
the standards.

In any case, I should not interpret an individual CA's difficulty in
finding the standard method as a flaw in the standard or as a flaw in
any browser's implementation of it.

--
Nelson B
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto