On Jan 21, 2013, at 3:01 PM, Colm MacCárthaigh <[email protected]> wrote:
> For similar reasons, Certificate authorities take precautions when
> signing wildcard certificates, to ensure that the level of the domain
> being signed is appropriate. If a CA were to give Nominet a
> certificate for *.co.uk - that would be a problem. But giving me
> *.stdlib.net certificate is fine, even though it's the same number of
> dots.
>
> So in these cases, the suffix lists are used to help protect privacy.

I see. So for decades now we've all agreed that calculating trust based on domain names was a bad idea. Then someone (at Mozilla?) came up with the revolutionary new "public suffix" which we can go forth and use for the same purpose.

This is awesome, I'm going to go dust off my .rhosts files.

Matt

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
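
One way to implement the wildcard precaution described in the quoted text, as an added example that is not part of either poster's message: a suffix-list lookup that refuses `*.co.uk` but accepts `*.stdlib.net` despite the same number of dots. The rule excerpt is constructed, the function names are hypothetical, and the code goes beyond the two names in the thread by also handling the list's wildcard (`*.ck`) and exception (`!www.ck`) rules.

```python
# Added example: the rules are a constructed excerpt in Public Suffix List
# syntax, not the real list; all function names are hypothetical.
SAMPLE_RULES = """
// constructed excerpt
net
uk
co.uk
*.ck
!www.ck
"""

def parse_rules(text):
    """Return (normal, exceptions) as sets of label tuples."""
    normal, exceptions = set(), set()
    for line in text.splitlines():
        line = line.strip().lower()
        if not line or line.startswith("//"):
            continue
        rule = line.split()[0]
        if rule.startswith("!"):
            exceptions.add(tuple(rule[1:].split(".")))
        else:
            normal.add(tuple(rule.split(".")))
    return normal, exceptions

def public_suffix(name, rules):
    """Public suffix of `name` under the list's matching algorithm."""
    normal, exceptions = rules
    labels = name.lower().rstrip(".").split(".")
    suffixes = [tuple(labels[i:]) for i in range(len(labels))]  # longest first
    for cand in suffixes:  # an exception rule beats every other match
        if cand in exceptions:
            return ".".join(cand[1:])  # drop the leftmost label
    for cand in suffixes:  # otherwise the rule with the most labels wins
        if cand in normal or ("*",) + cand[1:] in normal:
            return ".".join(cand)
    return labels[-1]  # implicit default rule "*"

def wildcard_allowed(pattern, rules):
    """False when *.X would span every registrant under public suffix X."""
    if not pattern.startswith("*."):
        raise ValueError("not a wildcard name")
    base = pattern[2:].lower().rstrip(".")
    return public_suffix(base, rules) != base

RULES = parse_rules(SAMPLE_RULES)
for name in ("*.co.uk", "*.stdlib.net", "*.foo.ck", "*.www.ck"):
    print(name, "issue" if wildcard_allowed(name, RULES) else "refuse")
```

The check is only as current as the list it loads: a suffix missing from the list is treated as an ordinary registrable name.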
