> On Mar 21, 2016, at 4:39 AM, Gervase Markham <[email protected]> wrote:
>
> On 21/03/16 11:23, Rob Stradling wrote:
>
>>> Are the things we put in certificates hostnames? Given that SSL is for
>>> connecting to internet hosts, it would seem to me that they are. Clue me
>>> in by explaining what I'm missing.
>>
>> "You've entered a special hell. It is dark and scary. You are likely to
>> be eaten by a grue."
>>
>> https://www.mail-archive.com/[email protected]/msg02548.html
>
> Can someone give me a concrete example of why someone would want an _ in
> a hostname in a cert? An all-Microsoft shop using it for an internal
> name which nevertheless was an FQDN? my_server.corp.fooco.com?

_ is allowed at the DNS protocol level, so it works in many cases. See the following (pulled from CT logs):

myaccount_ca.kelloggsnutrition.com
office_eygelshoven.laurametaal.nl
dr_mail.ncr.com

All of these have public A records with what appear to be public IPs. Given this, they presumably work with many TLS clients.

Thanks,
Peter
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
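
An added example, not part of the original message: a small linter that separates dNSName values that are only acceptable at the DNS protocol level from those that also satisfy hostname (LDH) syntax, run over the three names quoted above. The function names and status strings are assumptions made for this sketch, and `www.example.com` is a constructed control.

```python
import re

# RFC 952 / RFC 1123 hostname label: letters, digits, hyphen (LDH),
# 1-63 characters, not starting or ending with a hyphen.
LDH_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def labels_of(name):
    """Split a dNSName into labels, ignoring one trailing root dot."""
    return (name[:-1] if name.endswith(".") else name).split(".")

def dns_length_ok(name):
    """RFC 1035 size limits: 1-63 octets per label, 253 characters overall.
    Only ASCII presentation-form names are handled in this sketch."""
    labels = labels_of(name)
    return (name.isascii()
            and len(".".join(labels)) <= 253
            and all(1 <= len(label) <= 63 for label in labels))

def classify(name):
    """Return (status, offending_labels) for one dNSName value.

    hostname            every label is LDH
    dns-only-underscore fits DNS limits, but '_' breaks hostname syntax
    dns-only-other      some other non-LDH character or hyphen placement
    invalid-dns         violates DNS length limits (or is non-ASCII)
    """
    if not dns_length_ok(name):
        return "invalid-dns", []
    labels = labels_of(name)
    if labels[0] == "*":          # wildcard label is not judged here
        labels = labels[1:]
    bad = [l for l in labels if not LDH_LABEL.fullmatch(l)]
    if not bad:
        return "hostname", []
    # If swapping '_' for a letter makes every bad label LDH,
    # the underscore is the only problem.
    only_underscore = all(LDH_LABEL.fullmatch(l.replace("_", "a")) for l in bad)
    return ("dns-only-underscore" if only_underscore else "dns-only-other"), bad

if __name__ == "__main__":
    # The three names quoted in the message above, plus one constructed control.
    for san in ["myaccount_ca.kelloggsnutrition.com",
                "office_eygelshoven.laurametaal.nl",
                "dr_mail.ncr.com",
                "www.example.com"]:
        print(san, *classify(san))
```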
