I understand how a wildcard certificate has its own needs and good usage, but from a security standpoint, which is overlooked almost all the time, either through lack of knowledge, experience or interest, cannot wildcard certificates be some sort of an “advanced” feature instead of “just another option”?
I get the point that providers are now cutting costs because certificates from LE are automated and free versus spending 000’s on Verisign and their likes, but this is creating a false sense of security for the untrained advanced users calling themselves “admins”. Yes, everything is now encrypted, so “middle finger to NSA”, but so are the problems whenever a bad actor spawns a service running inside your network, redirects traffic to that new service and you have no clue because it looks completely legit, SSL encrypted with a very valid certificate.
Most of the recent security issues were coming from inside the company, where everything is trusted by default, and now with a certificate matching the world and dog, this will open a huge can of worms.
Shouldn’t users get, at a minimum, a “consent” form, even if as a clause in the ToS they agree to without even reading, stating that wildcard certificates can end up being worse than having no encryption?
This has been a question for other certificate providers for over 10 years, so we are not looking for anything new here - except for the fact that the cost is now zero.
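
The concern in the post, seen from the defender's side, as an added example that is not part of the original post: a wildcard SAN validates for any single-label name under its domain, so an audit can flag TLS endpoints that are trusted only through the wildcard and are missing from the approved service inventory. The host names, the inventory and the function names are constructed for illustration; matching follows the RFC 6125 rule that `*` covers exactly one left-most label, with partial-label wildcards rejected as a conservative assumption.

```python
# Added example: all names and sample data below are constructed.

def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is accepted only as the whole left-most
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Conservative assumption: need two labels after '*' (rejects '*.com').
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def audit(sans, observed_hosts, approved_hosts):
    """Classify each observed TLS endpoint name against the certificate SANs.

    Verdicts: 'exact', 'wildcard-approved', 'wildcard-unapproved', 'no-match'.
    """
    approved = {a.lower() for a in approved_hosts}
    result = {}
    for host in observed_hosts:
        name = host.lower()
        if any("*" not in s and san_matches(s, name) for s in sans):
            result[host] = "exact"
        elif any(san_matches(s, name) for s in sans):
            # Valid only because of the wildcard: check the inventory.
            ok = name in approved
            result[host] = "wildcard-approved" if ok else "wildcard-unapproved"
        else:
            result[host] = "no-match"
    return result


# Constructed sample data: one wildcard certificate, a service inventory,
# and names seen answering TLS on the internal network.
WILDCARD_SANS = ["*.corp.example.com", "corp.example.com"]
APPROVED = ["mail.corp.example.com", "wiki.corp.example.com"]
OBSERVED = [
    "mail.corp.example.com",
    "corp.example.com",
    "payroll-new.corp.example.com",  # validates, but nobody registered it
    "a.b.corp.example.com",          # two labels deep: wildcard does not cover it
]

if __name__ == "__main__":
    for host, verdict in audit(WILDCARD_SANS, OBSERVED, APPROVED).items():
        print(f"{host:32} {verdict}")
```
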