Y
Hacker News
new
|
ask
|
show
|
jobs
by
brohee
2175 days ago
The name constraint extension (
https://tools.ietf.org/html/rfc5280#section-4.2.1.10
) can help a lot with that, we chose to trust CA for all names but we could have had CAs for a way more limited set of domains.
Software support is far from universal sadly.