Proposal for cert issuance for wildcard domains in ACME: https://github.com/letsencrypt/acme-spec/pull/97 …. WDYT @sleevi_ @grittygrease @asheeshlaroia etc?
Replying to @bcrypt
@bcrypt @sleevi_ @asheeshlaroia Random challenge subdomains is a bad idea. Rely on DNS hierarchy for wildcards: owning apex is enough.
Replying to @grittygrease
@grittygrease @bcrypt @sleevi_ @asheeshlaroia agreed. Unpredictable hostnames != wildcard DNS.
Replying to @pzb
@pzb @grittygrease @bcrypt @sleevi_ @asheeshlaroia If ACME works as intended then maybe it doesn't need to do wildcard at all. Less is more.
Replying to @BRIAN_____
@BRIAN_____ @pzb @grittygrease @bcrypt @asheeshlaroia Wildcard is still needed. I'm not a wildcard hater.
Replying to @sleevi_
@sleevi_ @pzb @grittygrease @bcrypt @asheeshlaroia Maybe, but I'm not convinced. Would love a link to a strong argument for supporting them.
Replying to @BRIAN_____
@BRIAN_____ @pzb @grittygrease @bcrypt @asheeshlaroia Counter argument is... what, unlimited SNI with the same key? What value is that?
Replying to @sleevi_
@BRIAN_____ @pzb @grittygrease @bcrypt @asheeshlaroia That is, pragmatically, near-infinite certs at same key is worse than one cert w/ *
Replying to @sleevi_
@sleevi_ @BRIAN_____ @pzb @bcrypt @asheeshlaroia >10,000 certs on the same server scales poorly with current open source servers.
@grittygrease @sleevi_ @pzb @bcrypt 1. Those servers aren't doing ACME. 2. The orgs that need that capability can contribute fixes for that.