On 4 June 2015 at 12:56, Michael Richardson <[email protected]> wrote: > Am I missing some piece of the puzzle? Some contemplated aspect of TLSA > which might let me say, "www.wireshark.org is an allowed name for > www.tcpdump.org"??
Well... ACME will let wireshark.org get a certificate for tcpdump.org, now that you have setup DNS. If you want them to be able to use your name, then allow them to have a certificate for it. SNI is a problem, but you might decide that IE 6 and Android 2.2 users aren't that important. I know several people running services that rely on SNI alone happily. _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
