On Fri, Mar 14, 2014 at 09:01:48PM -0400, James Cloos wrote:
> > The folks at Postini have a wildcard cert for "*.psmtp.com" and
> > clients publish MX records of the form:
> >
> > verisign.com. IN MX 100 verisign.com.s6a1.psmtp.com.
> > verisign.com. IN MX 200 verisign.com.s6a2.psmtp.com.
> > verisign.com. IN MX 300 verisign.com.s6b1.psmtp.com.
> > verisign.com. IN MX 400 verisign.com.s6b2.psmtp.com.
>
> For some historical context, Mozilla's original wildcarded SSL implementation
> also allowed an *. to match any number of labels.
>
> Several sites were broken by the change to limit a wildcard to a single label.

I take it you're suggesting to not perpetuate Postini's abuse of
wildcard certs? Implementations might choose to be more liberal,
but servers can't expect multi-label wildcard support. Right?
--
Viktor.
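
The two matching rules discussed in this thread, applied to the MX targets quoted above, as an added example that is not part of either poster's message or of any TLS library's code. The function names are hypothetical, and only a whole-label leftmost `*` is handled.

```python
# Added illustration: strict (single-label) versus liberal (multi-label)
# wildcard matching. Function names are hypothetical, not a real library API.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing root dot."""
    return name.rstrip(".").lower().split(".")

def match_single_label(pattern, host):
    """Strict rule: a leftmost '*' stands for exactly one DNS label."""
    p, h = _labels(pattern), _labels(host)
    if p[0] != "*":
        return p == h
    return len(h) == len(p) and all(h) and h[1:] == p[1:]

def match_multi_label(pattern, host):
    """Liberal legacy rule: a leftmost '*' stands for one or more labels."""
    p, h = _labels(pattern), _labels(host)
    if p[0] != "*":
        return p == h
    suffix = p[1:]
    if not suffix:  # a bare "*" is never accepted
        return False
    return len(h) > len(suffix) and all(h) and h[-len(suffix):] == suffix

# MX targets as quoted in the thread, and the wildcard name on the certificate.
MX_HOSTS = [
    "verisign.com.s6a1.psmtp.com.",
    "verisign.com.s6a2.psmtp.com.",
    "verisign.com.s6b1.psmtp.com.",
    "verisign.com.s6b2.psmtp.com.",
]
CERT_NAME = "*.psmtp.com"

def compare(pattern, hosts):
    """Map each host to (strict_result, liberal_result)."""
    return {h: (match_single_label(pattern, h), match_multi_label(pattern, h))
            for h in hosts}

if __name__ == "__main__":
    for host, (strict, liberal) in compare(CERT_NAME, MX_HOSTS).items():
        print(f"{host:32} single-label={strict!s:5} multi-label={liberal}")
```

A client enforcing the single-label rule rejects all four MX targets, because each puts three labels in front of `psmtp.com`.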