On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson <[email protected]> wrote:
> I wonder if people really care about this usage any more -- it does not
> scale well (all domains have to be encoded in the same cert => big
> certs) and introduces an indirection which often leaves room for
> attackers

I don't understand what problem you're solving by doing this. As you said, it's just going to make the certs bigger and overcomplicate things. Using the common name works fine and, for better or for worse, is just about the only thing supported by any of the cheap or free cert providers these days. Just because it's in the RFC doesn't necessarily make it a best practice, and I think in this case you're just making more issues and work for yourself for no benefit.

—Sam

--
Sam Whited
pub 4096R/54083AE104EA7AD3
