This is really problematic, since the possibility of zone delegation extends the validity of the certificate to untrusted FQDNs or organisations, and this has obvious security issues!
This is easy to understand: *.domain.com in the CN stands for any domain name under .domain.com. * matches everything but the dot! This is how trusted CAs treat it according to RFC 2818.
With Perl, the regex to achieve this is as simple as:
/^[^\.]+\.domain\.com$/
This should normally not take years to implement? Can you please give a final decision on that?
IE 6 and 7 now implement it that way!!
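The single-label rule requested in the comment above, set beside the dot-spanning behaviour it objects to, as an added Python example (not part of the original comment or of any browser's code). The function names and the hostnames under domain.com are constructed for illustration.

```python
import re


def permissive_match(pattern: str, host: str) -> bool:
    """Behaviour the comment objects to: '*' is allowed to span dots."""
    regex = re.escape(pattern.lower()).replace(r"\*", ".*")
    return re.fullmatch(regex, host.lower()) is not None


def single_label_match(pattern: str, host: str) -> bool:
    """'*' stands for one non-empty run of non-dot characters, as in the
    comment's /^[^\\.]+\\.domain\\.com$/, so it never crosses a label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    # Different label counts means the wildcard would have to eat a dot.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    for p, h in zip(p_labels, h_labels):
        if "*" in p:
            label_re = re.escape(p).replace(r"\*", "[^.]+")
            if re.fullmatch(label_re, h) is None:
                return False
        elif p != h:
            return False
    return True


def only_permissive(pattern: str, hosts: list[str]) -> list[str]:
    """Hosts the dot-spanning rule accepts but the single-label rule rejects."""
    return [h for h in hosts
            if permissive_match(pattern, h) and not single_label_match(pattern, h)]


# Constructed sample names; "delegated" stands for a sub-zone handed to
# another party, the zone delegation case the comment describes.
SAMPLE_HOSTS = [
    "www.domain.com",
    "WWW.Domain.COM",
    "host.delegated.domain.com",
    "a.b.c.domain.com",
    "domain.com",
    "www.domain.com.example.net",
]

if __name__ == "__main__":
    for name in only_permissive("*.domain.com", SAMPLE_HOSTS):
        print("accepted only by the dot-spanning rule:", name)
```
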