crobb305 - 2:17 am on Apr 7, 2011 (gmt 0)

One of the criteria mentioned in the Google article that engine posted says "It must have the correct domain name — that is, one that matches the one we used to retrieve the certificate."

The question I still have is how to know which domain that would be. My SSL is valid for www.example.com but not for example.com. I am uncertain as to which domain Google would try to fetch (although my SSL is valid for my canonical). I doubt it is a problem, but it makes me wonder if I should upgrade to a wildcard SSL cert.

*added** I also want to say that my speculation in the previous post is simply that. Granted, it seems to be supported by the Microsoft article AND by Google's work on SSL Beta since before May 2010 (the time period during which they were also working on Panda). The Google blog post seems to point to the Comodo breach last month as the impetus, but again, Google SSL Beta was launched over 10 months ago. I am not suggesting a rush to have SSL installed on the server or rush out and purchase SSL certificates. It *may* be a ranking/quality factor, but I think many other factors for Panda are at play. I doubt SSL would even make a difference for 99% of sites affected, especially domains that were completely obliterated.