@bcrypt @sleevi_ @asheeshlaroia Random challenge subdomains is a bad idea. Rely on DNS hierarchy for wildcards: owning apex is enough.
Replying to @grittygrease
@grittygrease @bcrypt @sleevi_ @asheeshlaroia agreed. Unpredictable hostnames != wildcard DNS.

Replying to @pzb
@pzb @grittygrease @bcrypt @sleevi_ @asheeshlaroia If ACME works as intended then maybe it doesn't need to do wildcard at all. Less is more.

Replying to @BRIAN_____
@BRIAN_____ @pzb @grittygrease @bcrypt @asheeshlaroia Wildcard is still needed. I'm not a wildcard hater.

Replying to @sleevi_
@sleevi_ @pzb @grittygrease @bcrypt @asheeshlaroia Maybe, but I'm not convinced. Would love a link to a strong argument for supporting them.

Replying to @BRIAN_____
@BRIAN_____ @pzb @grittygrease @bcrypt @asheeshlaroia Counter argument is... what, unlimited SNI with the same key? What value is that?

Replying to @sleevi_
@BRIAN_____ @pzb @grittygrease @bcrypt @asheeshlaroia That is, pragmatically, near-infinite certs at the same key are worse than one cert w/ *

Replying to @sleevi_
@sleevi_ @pzb @grittygrease @bcrypt @asheeshlaroia Why? ACME makes it easy to use unique keys per host, so why would one use the same key?

Replying to @BRIAN_____
@BRIAN_____ @pzb @grittygrease @bcrypt @asheeshlaroia It's already answered on the bug. No reason *not* to. And that's a large sign load.

Replying to @sleevi_
@sleevi_ @pzb @grittygrease @bcrypt @asheeshlaroia Complexity is a good reason not to. Not convinced there's a large sign load.
@sleevi_ @pzb @grittygrease @bcrypt @asheeshlaroia There are some important, rare, needs for wildcard certs. But ACME isn't needed for them.