On Thu, 2010-09-16 at 09:55 -0700, Henry B. Hotz wrote:
> I believe wildcards are a misfeature [...]

One important use case for wildcards is a web server that serves untrusted content spread out over a large or infinite set of subdomains to get increased protection from the same origin policy implemented by modern browsers. The server may use one subdomain per user who publishes content, or even a fresh subdomain for every request. A wildcard certificate is a much cleaner solution than having to automate the generation of a certificate per user, let alone per request.

We can absolutely blame the inflexible same origin policy for necessitating the use of different host names (which also breaks TLS session sharing), but realistically it isn't changing any time soon.

(Pardon me if this has already been pointed out.)

--
Matt

_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
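
An added illustration, not part of the message above: a sketch of the per-user subdomain scheme it describes, showing that one wildcard identifier covers every user host while each host remains a separate browser origin. The domain `usercontent.example`, the hashing scheme for labels, and all function names are assumptions made for this example; the matcher assumes the common rule that `*` stands for exactly one complete left-most label.

```python
import hashlib
from urllib.parse import urlsplit

BASE = "usercontent.example"   # hypothetical hosting domain (assumption)
WILDCARD = "*." + BASE         # the single identifier in the certificate


def user_host(user_id: str) -> str:
    """Derive a DNS-safe label per user so each user gets a distinct host."""
    label = "u" + hashlib.sha256(user_id.encode()).hexdigest()[:16]
    return f"{label}.{BASE}"


def wildcard_matches(pattern: str, host: str) -> bool:
    """Match host against pattern; '*' covers exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False           # rejects the bare apex and nested subdomains
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h


def origin(url: str):
    """The (scheme, host, port) tuple that the same origin policy compares."""
    u = urlsplit(url)
    port = u.port or {"https": 443, "http": 80}[u.scheme]
    return (u.scheme, u.hostname, port)


def same_origin(a: str, b: str) -> bool:
    return origin(a) == origin(b)


if __name__ == "__main__":
    # Constructed sample users; no real accounts or hosts are implied.
    alice = "https://" + user_host("alice") + "/page.html"
    bob = "https://" + user_host("bob") + "/page.html"
    print("cert covers alice:", wildcard_matches(WILDCARD, urlsplit(alice).hostname))
    print("cert covers bob:  ", wildcard_matches(WILDCARD, urlsplit(bob).hostname))
    print("alice/bob same origin:", same_origin(alice, bob))
    print("cert covers apex:  ", wildcard_matches(WILDCARD, BASE))
    print("cert covers nested:", wildcard_matches(WILDCARD, "a.b." + BASE))
```

The last two checks show the limits of the scheme: the wildcard does not cover the bare domain or a host two labels deep, so per-user hosts must sit exactly one label below the wildcard's base.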
