On 8 Jul 2021, at 7:12, Salz, Rich wrote:

> A discussion started on the GitHub repo
> https://github.com/richsalz/draft-ietf-uta-rfc6125bis about what is allowed
> for the wildcard character, such as in DNS entries in subjectAltName. I am
> about to publish a new draft which takes the old adopted “diff” version and
> does a full version of 6125. The current draft says that a wildcard may be
> the first, or only, character in the left-most DNS name.
>
> Brian Smith and Ryan Sleevi started a discussion on the PR
> https://github.com/richsalz/draft-ietf-uta-rfc6125bis/pull/1#discussion_r663206174
> recommending that the doc should be the *only* character. For example,
> *.apps.example.com is okay, but *apps.example.com is not.

I would expect subjectAltName to have the same constraints as DNS entries have, which only allow wildcards for full labels, so I support only allowing *.apps.example.com.

-Jim

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
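
The two wildcard rules discussed in this thread, side by side, as an added example that is not part of the original messages or of the draft. The function names, the LDH label check, and the assumption that `*` stands for at least one character within a single label are assumptions of this example.

```python
import re

# LDH label: letters, digits, hyphen; no leading/trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def _labels(name):
    return name.lower().rstrip(".").split(".")

def classify_wildcard(pattern):
    """Return 'none', 'full-label', 'partial-label' or 'invalid'."""
    first, *rest = _labels(pattern)
    if "*" not in pattern:
        ok = all(_LABEL.match(l) for l in [first, *rest])
        return "none" if ok else "invalid"
    # A wildcard is only considered in the left-most label, once, and
    # there must be a valid parent domain to its right.
    if first.count("*") != 1 or not rest:
        return "invalid"
    if not all(_LABEL.match(l) for l in rest):   # also rejects '*' further right
        return "invalid"
    if first == "*":
        return "full-label"          # *.apps.example.com
    if first.startswith("*") and _LABEL.match(first[1:]):
        return "partial-label"       # *apps.example.com
    return "invalid"                 # e.g. a*pps.example.com

def matches(pattern, hostname, allow_partial=False):
    """Match a certificate DNS name against a reference hostname.

    allow_partial=False is the stricter rule supported in the thread;
    allow_partial=True is the "first, or only, character" rule.
    """
    kind = classify_wildcard(pattern)
    pat, host = _labels(pattern), _labels(hostname)
    if kind == "none":
        return pat == host
    if kind == "invalid" or (kind == "partial-label" and not allow_partial):
        return False
    # The wildcard never spans a dot: label counts and parent must agree.
    if len(host) != len(pat) or host[1:] != pat[1:]:
        return False
    # Assumption: '*' stands for at least one character.
    suffix = pat[0][1:]
    return len(host[0]) > len(suffix) and host[0].endswith(suffix)
```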