Patrick Can I go and order a SSL Cert with a standard name and a wildcard name for SNI? We do that now.
So, I think Jan is onto something. On Thu, Jul 19, 2018 at 1:47 PM, Patrick McManus <pmcma...@mozilla.com> wrote: > > On Thu, Jul 19, 2018 at 1:36 PM, Jan Včelák <j...@fcelda.cz> wrote: > >> Hey, >> >> I just scanned the draft and focused mainly on the DNS bits. The >> described method for publishing encryption keys for SNI in DNS won't >> allow use of wildcard domain names. >> >> > Thanks! > > I believe the draft is OK on this point because wildcards aren't needed. > While certificates can be valid for wildcard domains, the SNI is always a > specific hostname (and the plaintext hostname informs the DNS question) > > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
