On Wed, 12 Mar 2003 07:56:06 EST, Keith Moore said:
> I think you mean "every domain"; DNS names don't need to correspond to hosts
> anymore (and often don't). I'm not sure why it's inherently impractical to do
> this, especially if it were possible to have a single cert that covered
> multiple domains (i.e. a statement of the form "mail.isp.com is a valid MX for
> *.example.net" signed by example.net).
I believe I saw a recent reference to some hosting provider that had on the
order of half a million MX pointed at one mail server. I'd hate to see
the size of the cert for that - 1 cert with 500K "yes, this is an agent for
me" endorsements from 500K domains.