Re: A primer on cross-origin information leaks from Peter Saint-Andre on 2018-05-21 (public-webappsec@w3.org from May 2018)

From: Peter Saint-Andre <stpeter@mozilla.com>
Date: Mon, 21 May 2018 14:42:57 -0600
To: John Wilander <wilander@apple.com>, Artur Janc <aaj@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <69a4c3d5-4bf6-ccd7-b98e-d3ca74869921@mozilla.com>

On 5/21/18 2:27 PM, John Wilander wrote:

<snip/>

> The wildcard notation differs in meaning across specs. In the case of
> wildcard certs I believe an asterisk only matches one segment, i.e.
> *.example.com <http://example.com> only matches a single subdomain, not
> subdomains of subdomains.

That's what Jeff Hodges and I specified in RFC 6125, anyway...

https://tools.ietf.org/html/rfc6125#section-6.4.3

Peter

Received on Monday, 21 May 2018 20:43:25 UTC