Sigh, looks like this is a utopian dream at this moment, (:-, I am fine with documenting what we have now. Thank for your clarification, Martin.
-Qin -----邮件原件----- 发件人: Martin Thomson [mailto:m...@lowentropy.net] 发送时间: 2022年12月20日 11:53 收件人: Qin Wu <bill...@huawei.com>; Peter Saint-Andre <stpe...@stpeter.im>; ops-...@ietf.org 抄送: draft-ietf-uta-rfc6125bis....@ietf.org; uta@ietf.org 主题: Re: [Uta] Opsdir early review of draft-ietf-uta-rfc6125bis-08 On Tue, Dec 20, 2022, at 14:00, Qin Wu wrote: > If we can introduce long prefix match like mechanism to deal with > multiple level of subdomain matching, this issue will be easily solved. This is not something that the IETF can do at this stage - or at least not so simply. Wildcard certificates are defined as they are (see RFC 2818 for an early, but not the earliest rules) and changing that is not an option. Making them more capable as you suggest is just as impractical as ending their use as Peter might prefer. Changing something like this, that is very widely deployed, requires a lot of effort over many years. This draft is just an effort to precisely describe how the Internet currently works (or should function). _______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
