On Wed, 12 Mar 2003 07:56:06 EST, Keith Moore said:
> I think you mean "every domain"; DNS names don't need to correspond to hosts
> anymore (and often don't). I'm not sure why it's inherently impractical to do
> this, especially if it were possible to have a single cert that covered
> multiple domains (i.e. a statement of the form "mail.isp.com is a valid MX for
> *.example.net" signed by example.net).

I believe I saw a recent reference to some hosting provider that had on the order of half a million MX pointed at one mail server. I'd hate to see the size of the cert for that - 1 cert with 500K "yes, this is an agent for me" endorsements from 500K domains.