
Please stop advocating wildcard certificates - dijit
http://blog.dijit.sh/please-stop-advocating-wildcard-certificates?sage
======
tscs37
I slightly disagree with the author.

Wildcard certs are widely misused, but sometimes they are useful.

If a site like Tumblr contacted the LE servers each time someone starts up a
blog, the LE servers would most likely go belly up way to fast. Per-user
subdomains don't scale well if you are using LE.

I think there might be a solution somewhere in the middle, a hybrid-wildcard
so to speak.

Possibly allowing sites to get a wildcard cert that acts more like a CA, so
that the site owner can provision a cert per user...

