I hope it's not just about ∗.example.org`, but also ∗.∗.example.org` as well. It would be incredible to have e.g. db.deployment-9d27ca.example.org (for automatic deployments from pull/merge requests)
Edit: how do I disable parser from messing up the message by intepreting U+002A asterisks as a markup here on HN? Neither backticks nor backslashes seem to do the trick...
It most probably won't, multiple wildcard levels aren't even supported by commercial certificates as far as I know and would require quite some changes in networking infrastructure.
Anyways, free as in beer wildcard certificates are great news. :)
Hmm... some software doesn't recognize multilevel wildcards and rejects the certificate, but I don't think it requires any hardware changes (unless we're talking about hardware TLS accelerators). Basically, browsers and other TLS clients have to implement RFC 6125 if they still don't.
Edit: my mistake, RFC6125 actually seem to forbid those (I thought it was allowing them - was wrong). That's sad. Guess, there is just no way to have TLS for what I want. Have to stick with plain HTTP.
9 comments
[ 5.1 ms ] story [ 32.6 ms ] threadEdit: how do I disable parser from messing up the message by intepreting U+002A asterisks as a markup here on HN? Neither backticks nor backslashes seem to do the trick...
Anyways, free as in beer wildcard certificates are great news. :)
Edit: my mistake, RFC6125 actually seem to forbid those (I thought it was allowing them - was wrong). That's sad. Guess, there is just no way to have TLS for what I want. Have to stick with plain HTTP.