>>>>> "VD" == Viktor Dukhovni <[email protected]> writes:
VD> FWIW Postfix by default (Postini work-around) supports wildcard
VD> certificates that match multiple DNS labels:

VD>   http://www.postfix.org/postconf.5.html#tls_wildcard_matches_multiple_labels

VD> The folks at Postini have a wildcard cert for "*.psmtp.com" and
VD> clients publish MX records of the form:

VD>   verisign.com. IN MX 100 verisign.com.s6a1.psmtp.com.
VD>   verisign.com. IN MX 200 verisign.com.s6a2.psmtp.com.
VD>   verisign.com. IN MX 300 verisign.com.s6b1.psmtp.com.
VD>   verisign.com. IN MX 400 verisign.com.s6b2.psmtp.com.

For some historical context, Mozilla's original wildcarded SSL
implementation also allowed an *. to match any number of labels.

Several sites were broken by the change to limit a wildcard to a
single label.

-JimC
-- 
James Cloos <[email protected]>         OpenPGP: 1024D/ED7DAEA6
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
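An added illustration, not part of the original message and not Postfix's or Mozilla's matching code: a small matcher that applies both wildcard rules discussed above (one label versus any number of labels) to the MX targets quoted in the message. The function names and the extra edge-case hostnames are assumptions made for this sketch.

```python
# Added illustration; not Postfix's or Mozilla's matching code.

def wildcard_matches(pattern, hostname, multi_label):
    """Return True if certificate name `pattern` covers `hostname`.

    Only a whole leftmost label "*" is treated as a wildcard.
    multi_label=False: "*" stands for exactly one DNS label.
    multi_label=True:  "*" stands for one or more DNS labels.
    """
    pat = pattern.lower().rstrip(".")      # DNS names compare case-insensitively
    host = hostname.lower().rstrip(".")    # drop the trailing root dot of an FQDN
    if not pat.startswith("*."):
        return pat == host                 # no wildcard: exact match only
    suffix = pat[1:]                       # e.g. ".psmtp.com"
    if not host.endswith(suffix):
        return False
    prefix = host[: -len(suffix)]          # the part the "*" has to cover
    labels = prefix.split(".")
    if not prefix or "" in labels:
        return False                       # "*" never covers zero or empty labels
    return multi_label or len(labels) == 1


# MX targets quoted in the message.
MX_TARGETS = [
    "verisign.com.s6a1.psmtp.com.",
    "verisign.com.s6a2.psmtp.com.",
    "verisign.com.s6b1.psmtp.com.",
    "verisign.com.s6b2.psmtp.com.",
]
# Constructed edge cases: one label, the bare parent domain, a look-alike suffix.
CONSTRUCTED = ["s6a1.psmtp.com.", "psmtp.com.", "verisign.com.s6a1.notpsmtp.com."]


def compare(pattern, hostnames):
    """Map each hostname to (single_label_result, multi_label_result)."""
    return {
        h: (wildcard_matches(pattern, h, False), wildcard_matches(pattern, h, True))
        for h in hostnames
    }


if __name__ == "__main__":
    for host, (single, multi) in compare("*.psmtp.com", MX_TARGETS + CONSTRUCTED).items():
        print(f"{host:34} single-label={single!s:5} multi-label={multi}")
```

Under the single-label rule none of the quoted MX targets is covered by "*.psmtp.com", which is the breakage both messages describe; under the multi-label rule all four are.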
