1. 43

  2. 8

    Yes! I know many people don’t like it, but I’m really happy about wildcard certificates which will solve one of our problems with securing our services.

    1. 2

      Why wouldn’t people like it?

      1. 3

        Mostly because it’s notoriously hard to get correct. E.g., what level do you allow the wildcard at? Clearly a *.com certificate is a no-no, but what about *.co.il? After all, *.co.com would be valid. And based on that rule, at what level is a wildcard valid for www.foobar.pvt.k12.in.us? What about Google’s new .dev domain? In all these cases, you can have human-made rules, but it gets complicated and error-prone quickly. Mess anything up and you can suddenly generate valid certs for sites you don’t own.

        (These issues are similar to but distinct from cookie sharing rules, incidentally, where AFAIK browsers still just ship with massive lists of what’s legal and what isn’t.)

        1. 1

          > (These issues are similar to but distinct from cookie sharing rules, incidentally, where AFAIK browsers still just ship with massive lists of what’s legal and what isn’t.)

          jup: https://publicsuffix.org/
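The wildcard-level question raised in the thread, as an added example that is not part of any comment above: a pre-issuance check that refuses a wildcard whose base name is itself a public suffix. The rule set is a small constructed sample written in Public Suffix List syntax (an assumption, not a copy of the real list), and the function names are hypothetical.

```python
# Constructed rules in Public Suffix List syntax (assumption: NOT the real list).
# "*." is a wildcard rule, "!" marks an exception to a wildcard rule.
RULES = """
com dev il co.il
us in.us k12.in.us pvt.k12.in.us
*.ck !www.ck
""".split()


def public_suffix(name):
    """Return the public suffix of `name` under RULES (longest matching rule)."""
    labels = name.lower().rstrip(".").split(".")
    best = 1  # implicit "*" rule: an unlisted TLD counts as a suffix
    for rule in RULES:
        exception = rule.startswith("!")
        rule_labels = rule.lstrip("!").split(".")
        if len(rule_labels) > len(labels):
            continue
        tail = labels[-len(rule_labels):]
        if all(r == "*" or r == l for r, l in zip(rule_labels, tail)):
            if exception:
                # An exception rule wins outright; the suffix is the rule
                # minus its leftmost label.
                return ".".join(labels[-(len(rule_labels) - 1):])
            best = max(best, len(rule_labels))
    return ".".join(labels[-best:])


def wildcard_allowed(san):
    """True if the wildcard name `*.base` stays inside one registrable domain."""
    if not san.startswith("*."):
        raise ValueError("not a wildcard name")
    base = san[2:].lower().rstrip(".")
    # If the base is itself a public suffix, the certificate would cover
    # domains registered by unrelated parties, so refuse it.
    return public_suffix(base) != base


if __name__ == "__main__":
    for san in ("*.com", "*.co.il", "*.co.com", "*.dev", "*.pvt.k12.in.us",
                "*.foobar.pvt.k12.in.us", "*.foo.ck", "*.www.ck"):
        print(f"{san:28} {'allow' if wildcard_allowed(san) else 'refuse'}")
```

The result is only as good as the rule list: drop `pvt.k12.in.us` from the sample rules and `*.pvt.k12.in.us` is allowed, which is the failure mode the comment describes.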