On 2014-01-18 Sean Walberg wrote:
Wildcard-wise, wildcards only work for one level of subdomain and not on EV certs.
Thanks for all the help guys, I'll slog through implementing the ideas tonight. As I thought, it's not as simple as it looks to be. I'm sure I'll have more questions.
Just a quick Q on wildcards/certs: so if I'm understanding right, a wildcard doesn't help a hacker, as they can't buy a *; they must buy a *.something.com, right?
Yes, there would be the issue of a rogue CA selling a malicious Wi-Fi hotspot guy *.mydomain.com, but there's no way they could do that on the fly quickly while I sit down at their Wi-Fi for only 15 mins and never return. Right? I guess my question was more whether they could instantly generate MitM certs for everyone who connects and intercept everything easily. (I thought that is what some hotspots do for HTTPS?)
In all cases, I am assuming I have sole, complete physical control and access to my phone, and that the OS hasn't been compromised. After all, you have to start somewhere and assume some level of security. And if they rootkitted my phone, them getting my IMAP credentials would be the least of my worries.
Thanks!
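
The "one level of subdomain" rule quoted above, as an added example that is not part of the original thread: a simplified hostname matcher in the style of RFC 6125. The function name and the sample hostnames under mydomain.com are constructed for illustration, and the EV restriction is not modelled.

```python
import ipaddress


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if certificate name `pattern` covers `hostname`.

    Simplified rules (assumptions of this example, not a full client):
    - comparison is case-insensitive and done label by label
    - '*' is accepted only as the entire leftmost label
    - '*' stands for exactly one label, so it never spans a dot
    - at least two labels must follow '*', a simplified guard against
      patterns such as '*' or '*.com'
    - IP addresses are never matched by a DNS name pattern
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")

    try:
        ipaddress.ip_address(hostname)
        return False  # IPs are checked against IP entries, not DNS names
    except ValueError:
        pass

    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if "" in p_labels or "" in h_labels:
        return False  # empty label, e.g. 'a..b'

    if "*" not in pattern:
        return p_labels == h_labels  # exact name, no wildcard involved

    # Reject partial wildcards ('f*.x.com') and wildcards past the first label.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    if len(p_labels) < 3:
        return False  # '*' or '*.com'

    # Same number of labels means '*' consumed exactly one label.
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


if __name__ == "__main__":
    # Constructed sample names.
    for host in ("mail.mydomain.com", "a.b.mydomain.com", "mydomain.com"):
        print(host, wildcard_matches("*.mydomain.com", host))
```
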