At 21:57 +0000 12 Oct 2021, "brian m. carlson" <sandals@crustytoothpaste.net> wrote:
>I also just checked, and RFC 5280 specifies the rules for RFC 1123
>regarding host names in certificates.  So even if we did accept this, no
>publicly trusted CA could issue a certificate for such a domain, because
>to do so would be misissuance.  So this at best could help people who
>are either using plain HTTP or an internal CA using broken tools,
>neither of which I think argue in favor of supporting this.

Or people using a wildcard certificate.