Kyle Hamilton wrote: > > I should point out that the second is an example of a situation where > such paranoia on the part of the MIS staff would be well-founded.
I vote for the stricter handling of wildcards as proposed by Nelson. 1. IETF standards define a stricter wildcard handling. 2. MS IE seems to handle it stricter than Mozilla products. 3. I'd prefer a more secure handling in default installations of Mozilla products especially for the mass of users not behind a MITM proxy (CN=* sounds completely inacceptible to me). 4. MITM proxies for enforcing policies still can be implemented with certs-issued-on-the-fly with more CPU power (and better proxy software). Ciao, Michael. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
