Instead of dynamic creation, could you sign a wildcard cert that covers everythi... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		sp332 on Nov 13, 2013 \| parent \| context \| favorite \| on: Moving forward on improving HTTP's security Instead of dynamic creation, could you sign a wildcard cert that covers everything?

donavanm on Nov 14, 2013 [–]

I suppose so, or maybe *.tld? Im thinking it would depend on your clients behavior. Clients dont go to that many unique fqdns, dynamic creation + caching should quite achievable.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact