[x500standard] Re: [T17Q11] Wildcard DNS name

  • From: "Erik Andersen" <era@xxxxxxx>
  • To: "'Paul E. Jones'" <paulej@xxxxxxxxxxxxxx>, "'Directory list'" <x500standard@xxxxxxxxxxxxx>, "'SG17-Q11'" <T13sg17q11@xxxxxxxxxxxxx>
  • Date: Tue, 29 Apr 2014 14:12:04 +0200

Hi Paul,

 

It is my understanding that it only represents a single label. See
http://en.wikipedia.org/wiki/Wildcard_certificate. RFC 2818 contains some
information.

 

Kind regards,

 

Erik

 

From: "" <dmarc-noreply-outsider@xxxxxxxxxxxxx> (Redacted sender 
"paulej@xxxxxxxxxxxxxx" for DMARC)
Sent: Tuesday, April 29, 2014 12:39 PM
To: Erik Andersen; Directory list; SG17-Q11
Subject: Re: [T17Q11] Wildcard DNS name

 

Erik,

I have a question about this. Does the wildcard represent a single label or any
number of labels? For example, would *.example.com cover
foo.bar.example.com? From what you've written, it
sounds like it would not.

Paul

  _____  

From: Erik Andersen <era@xxxxxxx>
Sent: April 29, 2014 6:00:28 AM EDT
To: Directory list <x500standard@xxxxxxxxxxxxx>, SG17-Q11 <T13sg17q11@xxxxxxxxxxxxx>
Subject: [T17Q11] Wildcard DNS name





Hi,

 

I have proposed the following text to the end of the text of the proposed DNS name
attribute type.

 

A DNS name to be used as a name in a public-key certificate or in an attribute 
certificate shall be a fully-qualified domain name (FQDN), i.e., it shall 
identify a particular entity. A FQDN may have an asterisk ('*') as an 
additional leftmost label, which is a substitute (wildcard) for all labels of 
the next levels of subdomains of the domain identified by the FQDN without the 
asterisk. 

 

Please comment on whether such a paragraph is useful, and if so, you might
suggest a more elegant formulation.

 

Regards,

 

Erik
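
The two readings discussed in this thread (the wildcard as exactly one label, per the RFC 2818 pointer, versus any number of labels), shown side by side as an added example that is not part of the original messages. The function name `wildcard_matches`, the `multi_label` flag, the refusal of partial wildcards such as `f*`, and the two-label minimum for the base domain are assumptions of this example.

```python
def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop one trailing root dot, split into labels."""
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def wildcard_matches(pattern: str, hostname: str, multi_label: bool = False) -> bool:
    """Match hostname against a certificate DNS name with an optional leftmost '*'.

    multi_label=False: '*' stands for exactly one label (single-label reading).
    multi_label=True:  '*' stands for one or more labels (the reading Paul asks about).
    """
    pat, host = _labels(pattern), _labels(hostname)
    # Empty labels ("a..b", "") and a '*' in the presented hostname are malformed.
    if "" in pat or "" in host or any("*" in label for label in host):
        return False
    if pat[0] != "*":
        # No leading wildcard: a '*' anywhere else (including "f*") is refused here.
        return not any("*" in label for label in pat) and pat == host
    base = pat[1:]
    # Assumption of this example: the base needs two labels, so "*.com" is refused.
    if len(base) < 2 or any("*" in label for label in base):
        return False
    extra = len(host) - len(base)  # number of labels the '*' would have to cover
    if extra < 1 or host[extra:] != base:
        return False
    return True if multi_label else extra == 1


# Constructed sample names, using the example.com names from the thread.
SAMPLES = ["foo.example.com", "foo.bar.example.com", "example.com", "FOO.Example.COM."]

if __name__ == "__main__":
    for name in SAMPLES:
        single = wildcard_matches("*.example.com", name)
        multi = wildcard_matches("*.example.com", name, multi_label=True)
        print(f"{name:22} single-label={single!s:5} multi-label={multi}")
```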

 
