[Operators] XMPP ICA update

Peter Saint-Andre stpeter at stpeter.im
Wed Oct 21 14:06:15 CDT 2009

On 10/21/09 12:46 PM, Mathias Ertl wrote:
> Greetings,
> Peter Saint-Andre wrote:
>> Let me know if you have any questions about this change.
> I have one. Does StartCom offer/allow certificates that are (1) a
> wildcard certificate (i.e. for *.jabber.org) and (2) include a
> SubjectAltName (that is: multi-domain certificates)?

StartCom allows wildcard certificates only for Class 2, not for Class 1.
As you might know, some phishing attacks are possible with wildcard
certs and these have been seen in the wild. Therefore StartCom has
stopped issuing wildcard certs for Class 1 (domain validation only) and
issues them only for Class 2 (identity validation required). StartCom
also charges some small fees for identity validation, so Class 2 certs
are not completely free (as Class 1 certs are).

As to multi-domain certificates, do you mean (2a) a single certificate
for multiple trust domains (e.g., jabber.org and xmpp.org) or (2b) a
single certificate for multiple hostnames in a trust domain (e.g.,
jabber.org and conference.jabber.org)? I just confirmed with StartCom
that they offer both of these options in Class 2. Personally I think
it's not proper that they offer (2a) because that's too generous, but I
don't work for them so that's their business. ;-)

Although I think that the foregoing text is correct, please check with
StartCom for all the details because it is possible that I have not
represented their service with 100% accuracy.


--
Peter Saint-Andre

