Yea, but when I talk about the Plex Pass certs, I'm not on the internal network privacy concern that split-horizon suits, I'm talking about how TCSC fits customers with static and limited domain ownership.
The concern I saw in my recent past was needing to frequently add names to a name constraint extension, and managing N generations of intermediate CAs as they are expanded with new public domain realty present in external DNS and directory names that represent localized global brand presence and expansion. In that same past, I produced a 23kb TCSC as an interim to a dynamically modified managed service and enterprise RA. Fortunately, it broke zero browsers. > -----Original Message----- > From: Peter Bowen [mailto:[email protected]] > Sent: Monday, December 12, 2016 6:09 PM > To: Steve Medin <[email protected]> > Cc: Matt Palmer <[email protected]>; [email protected] > Subject: Re: [Trans] Redaction > > On Mon, Dec 12, 2016 at 3:02 PM, Steve Medin > <[email protected]> wrote: > > Yea, I'm stunned that 50% of respondents can operate in the strait > > jacket of TCSC, although I can see that working for Plex's customer IP > > address privacy concern. > > TCSC aligns with split-horizon DNS perfectly, so I'm not at all surprised at > this > result.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
