Proposal for cert issuance for wildcard domains in ACME: https://github.com/letsencrypt/acme-spec/pull/97 …. WDYT @sleevi_ @grittygrease @asheeshlaroia etc?
-
-
@BRIAN_____@pzb@grittygrease@bcrypt@asheeshlaroia Wildcard is still needed. I'm not a wildcard hater. -
@sleevi_@pzb@grittygrease@bcrypt@asheeshlaroia Maybe, but I'm not convinced. Would love a link to a strong argument for supporting them. -
@BRIAN_____@pzb@grittygrease@bcrypt@asheeshlaroia Counter argument is... what, unlimited SNI with the same key? What value is that? -
@BRIAN_____@pzb@grittygrease@bcrypt@asheeshlaroia That is, pragmatically, near-infinite certs at same key is worse than one cert w/ * -
@sleevi_@pzb@grittygrease@bcrypt@asheeshlaroia Why? ACME makes it easy to use unique keys per host, so why would one use the same key? -
@BRIAN_____@pzb@grittygrease@bcrypt@asheeshlaroia It's already answered on the bug. No reason *not* to. And that's a large sign load -
@sleevi_@pzb@grittygrease@bcrypt@asheeshlaroia Complexity is a good reason not to. Not convinced there's a large sign load. -
@sleevi_@pzb@grittygrease@bcrypt@asheeshlaroia There are some important, rare, needs for wildcard certs. But ACME isn't needed for them.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.