I have a question about this: https://wiki.mozilla.org/CA:Problematic_Practices Is it really a problematic practice if a CA issues wildcard certificates under IV. (Individual validation). Yes, I know that for example EV's can only be issued to organizations and not natural persons, but limiting wildcard certificates to organizations I think its a bit too far. At least the identity of the person using a wildcard certificate is visible in the certificate, so if a individual is using his cert for phishing purposes, it can be easily tracked and prosecuted. Or is the wikipedia page a bit incorrect about this? Because for example StartSSL does issue wildcard certificates to individuals (IV).