Wildcards on cert host checking

Gary E. Miller gem at rellim.com
Wed Feb 13 22:40:43 UTC 2019


Yo James!

On Wed, 13 Feb 2019 14:36:38 -0800
James Browning via devel <devel at ntpsec.org> wrote:

> On Wed, Feb 13, 2019, 2:30 PM Hal Murray via devel <devel at ntpsec.org
> wrote:
> 
> > Any reason to allow or prohibit them?
> >  
> 
> I think allowing them would simplify the pool case I proposed a while
> back, but it is less likely to be a problem due to letsencrypt.

So you are assuming Hal is asking about cert names of *.example.org.

How would this be used in a public pool?  How would one issue a cert
for *.pool.example.org to be used on any old host anywhere?  That would
require the pool to also run matching forward DNS for each server in the
pool.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin