On Wed, 13 Apr 2016, Andrew Ayer wrote:
Another possibility is for the extension to instead specify the number of *un*redacted labels at the end of the DNS-ID, which I suspect would satisfy almost all use cases. If a domain owner wants to redact, they probably want to redact all hostnames under a particular domain,
(no hats on)

I don't think that is true. A big use case I think is to have certificates within and outside the split DNS view for the corporate versus public DNS. E.g. *.nohats.ca and intranet.nohats.ca. Although I agree that an organisation should probably get two certificates in such a case.

Is the implementation of the current text really that much harder? I think it would be better if the specification would not be limited, unless it is a significant continuous cost (e.g. extra load on servers). The one-time programming cost seems less important[*]

Paul

[*] I am an implementor of RFCs too :)
