On Wed, Dec 16, 2015 at 9:35 AM, Julian Dropmann <[email protected]> wrote:
> Either limit the certificate to be only usable from that origin it has been
> verified from, or somehow get the consent of the domain owner. If not by
> changing DNS config, it might involve some other mechanism.

I think you are somewhat confused. Certificates are not for full zones, they only name specific FQDNs. So a certificate for "example.com" is not valid for www.example.com or foo.example.com. Similarly, beta.example.com is not good for example.com or www.beta.example.com.

RFC 6125 (https://tools.ietf.org/html/rfc6125) covers how to do name matching for certificates. Note that SRVname is the standard way for things identified via SRV records.

Thanks,
Peter

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
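
The name-matching behaviour described in the message above, as an added example that is not part of the original e-mail or of any ACME implementation. It is a simplified DNS-ID matcher in the style of RFC 6125 and goes one step beyond the message by also covering the leftmost-label wildcard; the function names and the handling of partial wildcards are assumptions of this sketch.

```python
# Added illustration: simplified DNS-ID matching in the style of RFC 6125.
# Assumptions: ASCII names only; "*" is accepted only as the whole leftmost
# label; SRV-ID, URI-ID and common-name fallback are not handled.

def _labels(name):
    """Lower-case a DNS name, drop one trailing dot, split into labels."""
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def dns_id_matches(presented, reference):
    """True if a certificate dNSName (presented) covers the host name the
    client meant to reach (reference)."""
    p, r = _labels(presented), _labels(reference)
    if "" in p or "" in r:          # empty label, e.g. "a..b" or ""
        return False
    # Label counts must agree: a parent name never covers a child name,
    # and a child name never covers its parent.
    if len(p) != len(r):
        return False
    if p[0] == "*":
        # The wildcard stands for exactly one leftmost label. Refusing
        # "*.com" is a conservative choice made for this sketch.
        return len(p) >= 3 and p[1:] == r[1:]
    if any("*" in label for label in p):   # partial or non-leftmost "*"
        return False
    return p == r


def cert_covers(dns_names, reference):
    """True if any dNSName in the certificate matches the reference host."""
    return any(dns_id_matches(n, reference) for n in dns_names)


if __name__ == "__main__":
    # Constructed cases: the names from the message, plus a wildcard.
    for names, host in [
        (["example.com"], "www.example.com"),
        (["beta.example.com"], "example.com"),
        (["beta.example.com"], "www.beta.example.com"),
        (["*.example.com"], "www.example.com"),
        (["*.example.com"], "www.beta.example.com"),
    ]:
        print(names, host, cert_covers(names, host))
```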
