7 Sep
2015
7 Sep
'15
10:59 p.m.
Viktor Dukhovni skrev den 2015-09-07 22:46:
All three are in fact fine. So the handling of TLSA CNAMEs seems to be broken.
+1
openssl.net and openssl.net is still same ssl/tls, skip restriction on subdomains then ? (include cname mx check or not)
but if openssl.net and openssl.org make subdomain restriction ?
cname to another tls/ssl is worst, where i think cname to same tls/ssl is still ok
no ?
i am just no expert yet