|
|
|
|
|
|
by duskwuff
4697 days ago
|
|
|
The specification isn't particularly clear, but it seems to me that RFC 2818 section 3.1 [1] could permit some dangerously broad wildcards like ".com", "www..com", or even ".". Combined with subject alternate names, it may be possible to create a certificate that's valid for almost anything. [1]: http://tools.ietf.org/html/rfc2818#section-3.1 |
|
|