> Perhaps the "hostname" field I proposed could support wildcards. If the
> server sends the client a challenge with a wildcard in the hostname,
> the client would need to be prepared to respond to the challenge on any
> hostname matching the wildcard. The CA can choose whether to send
> a challenge for "*.example.com" or just "example.com" when validating a
> wildcard authz for "*.example.com".

I couldn't think of a situation where someone owns and controls a domain, but would be unable to control any of the subdomains. So, wouldn't it be sufficient that for a wildcard domain (*.example.com), only the domain itself (example.com) is challenged?

--
Richard Körber

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
