So who should change what to fix it is not clear to me--we can expect CAs to be more cautious or we can change STS in some manner to address this. But parent domain walking strikes me as a rather unpleasant fix, still.
Agreed. You can do what DMARC does, use the PSL or approved replacement to figure out where the parent is. It's gross, but it works pretty well.
Regards, John Levine, [email protected], Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
