We have a proposal for a DNS Name attribute type. I wonder whether we should allow wildcards in DNS names, and if so, should we a general support or should we be limited to what is allowed for wildcard public-key certificates (the wildcard as the leftmost label, only one sublevel allowed). Something might also be added to the SAN extension in X.509. Erik