Wildcards on cert host checking
Gary E. Miller
gem at rellim.com
Wed Feb 13 22:40:43 UTC 2019
Yo James!
On Wed, 13 Feb 2019 14:36:38 -0800
James Browning via devel <devel at ntpsec.org> wrote:
> On Wed, Feb 13, 2019, 2:30 PM Hal Murray via devel <devel at ntpsec.org
> wrote:
>
> > Any reason to allow or prohibit them?
> >
>
> I think allowing them would simplify the pool case I proposed a while
> back, but it is less likely to be a problem due to letsencrypt.
So you are assuming Hal is asking about cert names of *.example.org.
How would this be used in a public pool? How would one issue a cert
for *.pool.example.org to be used on any old host anywhere? That would
require the pool to also run matching forward DNS for each server in the
pool.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin