Fabio Pietrosanti (naif) - lists <[email protected]> wrote:
> within the ACME specification, has the enrollment of wildcard
> certificates been taken into consideration?
That really seems out of scope.
1) If you have a wildcard certificate, then you don't need to enroll it for
each machine, you just install it.
2) It seems impossible to validate in HTTPS that you own all of the possible
(perhaps not yet existing) QNAMES under your label.
I think we need to avoid boiling the ocean here.
Maybe the resulting protocol can be used to keep a wildcard certificate
up-to-date after it is deployed.
> At the Tor2web software project, which requires a wildcard certificate
> to be used, we'd really love to integrate automation of certificate
> setup with ACME/LetsEncrypt.
I can't understand how a wildcard certificate, like, "*.example.com"
could work for tor2web, so maybe you can explain your situation more.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
