W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2018

Re: A primer on cross-origin information leaks

From: Peter Saint-Andre <stpeter@mozilla.com>
Date: Mon, 21 May 2018 14:42:57 -0600
To: John Wilander <wilander@apple.com>, Artur Janc <aaj@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <69a4c3d5-4bf6-ccd7-b98e-d3ca74869921@mozilla.com>
On 5/21/18 2:27 PM, John Wilander wrote:

<snip/>

> The wildcard notation differs in meaning across specs. In the case of
> wildcard certs I believe an asterisk only matches one segment, i.e.
> *.example.com <http://example.com> only matches a single subdomain, not
> subdomains of subdomains.

That's what Jeff Hodges and I specified in RFC 6125, anyway...

https://tools.ietf.org/html/rfc6125#section-6.4.3

Peter



Received on Monday, 21 May 2018 20:43:25 UTC

This archive was generated by hypermail 2.3.1 : Monday, 21 May 2018 20:43:26 UTC