On Thu, Jul 19, 2018 at 1:36 PM, Jan Včelák <j...@fcelda.cz> wrote:
> Hey, > > I just scanned the draft and focused mainly on the DNS bits. The > described method for publishing encryption keys for SNI in DNS won't > allow use of wildcard domain names. > > Thanks! I believe the draft is OK on this point because wildcards aren't needed. While certificates can be valid for wildcard domains, the SNI is always a specific hostname (and the plaintext hostname informs the DNS question)
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
