... nobody had clearly explained to you what the specific transaction Trustwave got in trouble for was actually about.
Now you know, so "this will not stand" and "Trustwave stuck its hand in the garbage disposal" shouldn't be germane anymore. Once again: the whole point of those certificates is to sign domains the certificate owner doesn't control. They're sold only to giant corporations with huge amounts of insurance, and they're contractually obligated to ensure they're deployed only on the corporation's own network.
https://news.ycombinator.com/item?id=12445837
... nobody had clearly explained to you what the specific transaction Trustwave got in trouble for was actually about.
Now you know, so "this will not stand" and "Trustwave stuck its hand in the garbage disposal" shouldn't be germane anymore. Once again: the whole point of those certificates is to sign domains the certificate owner doesn't control. They're sold only to giant corporations with huge amounts of insurance, and they're contractually obligated to ensure they're deployed only on the corporation's own network.
They're also not allowed anymore.