On Fri, Sep 22, 2017 at 9:15 PM, Martin Thomson <martin.thom...@gmail.com> wrote:
> On Fri, Sep 15, 2017 at 8:42 AM, Jeffrey Walton <noloa...@gmail.com> wrote:
>> The current model uses origins as a boundary, so they are different
>> security contexts.
>
> That's not relevant here. A certificate allows a server to speak for
> multiple origins. The notion of an origin is, as you say, established
> at a higher layer. TLS establishes a broader notion of identity.

As far as I know, the IETF does not forbid inclusion of logically or administratively disjoint hosts from a certificate. In a shared hosting environment with a super cert, it seems like it would be easy to confuse a user agent into binding the wrong name.

The IETF does not forbid an IP address either, so it seems like IP addresses could be a sore spot, too.

And the hosting provider could pass the customary checks, like DV emails. So there does not seem to be a security control available to contain the risk.

Jeff