On Mon 2016-10-10 23:21:13 -0400, Peter Saint-Andre wrote: > So it's not necessarily the PSL per se. But CABF is merely one example > of a potential policy, I suppose.
making matters more confusing, the PSL itself these days contains two different values -- one of them related to PSL for the purposes of cookie-setting, and the other one for X.509 certificate issuance. As it says in the Divisions section of https://publicsuffix.org/list/ : >> While some applications, such as browsers when considering >> cookie-setting, treat all entries the same, other applications may >> wish to treat ICANN domains and PRIVATE domains differently. For >> example, Certification Authorities checking for wildcard misissuance >> would not issue a "*.com" wildcard cert ("com" is in the ICANN >> domains list) but could legitimately issue a "*.appspot.com" wildcard >> cert to the domain owner, in this case Google ("appspot.com" is in >> the PRIVATE domains list). if only we'd managed to get DBOUND better focused we might have something properly scalable to plug in here, alas :/ --dkg
signature.asc
Description: PGP signature
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
