9 comments

[ 5.1 ms ] story [ 32.6 ms ] thread
(comment deleted)
I hope it's not just about ∗.example.org`, but also ∗.∗.example.org` as well. It would be incredible to have e.g. db.deployment-9d27ca.example.org (for automatic deployments from pull/merge requests)

Edit: how do I disable parser from messing up the message by intepreting U+002A asterisks as a markup here on HN? Neither backticks nor backslashes seem to do the trick...

It most probably won't, multiple wildcard levels aren't even supported by commercial certificates as far as I know and would require quite some changes in networking infrastructure.

Anyways, free as in beer wildcard certificates are great news. :)

Hmm... some software doesn't recognize multilevel wildcards and rejects the certificate, but I don't think it requires any hardware changes (unless we're talking about hardware TLS accelerators). Basically, browsers and other TLS clients have to implement RFC 6125 if they still don't.

Edit: my mistake, RFC6125 actually seem to forbid those (I thought it was allowing them - was wrong). That's sad. Guess, there is just no way to have TLS for what I want. Have to stick with plain HTTP.

(comment deleted)
Well, every time I want to write an *, I just write three asterisks with no spaces between them.
(comment deleted)