Randy Bush wrote:
it would ust make wildcards illegal in top level domains, not subdomains.
there are tlds with top level wildcards that are needed and in legitimate use.
verisign has not done anything strictly against spec. this is a social and business issue.
And this in itself indicates a possible failure in our model. When someone can do something that causes so much outrage, and we the community have no recourse, something is wrong. Maybe we're in the realm of politics, but our implementations reflect our values. Do you feel the same today about the GPG/PGP v. X.509 as you did before Verisign decided to become an unauthorized interloper? Might we have a standards problem with SSL, because people cannot simply NOT trust Verisign certs? After all, how many certificates can you get out of SSL for a server or a client?
all this noise and bluster is depressing. it indicates that we are in a very quickly maturing industry because a lot of probably-soon-to-be-ex engineers have too much time on their hands.
I take a different view. If people who are upset with Verisign's change DON'T say anything, then there's no reason for Verisign to change. I suspect that the better forum may be one's Congress person... Eliot