In #3318 we implemented the exact blocklist policy to protect against a wildcard issuance covering a name on the exact blocklist. With the current PA implementation of WillingToIssue and WillingToIssueWildcard we had to use a fairly hackish solution of replacing a *. prefix with a x. prefix to allow issuance for a wildcard subdomain of an exact blocklist entry.
A way to do this less hackily is to separate out the blacklisting logic from the "well formed domain name" logic. Both WillingToIssue functions would call the "well formed domain" logic, but they would have different blacklisting logic
In #3318 we implemented the exact blocklist policy to protect against a wildcard issuance covering a name on the exact blocklist. With the current PA implementation of
WillingToIssueandWillingToIssueWildcardwe had to use a fairly hackish solution of replacing a*.prefix with ax.prefix to allow issuance for a wildcard subdomain of an exact blocklist entry.A way to do this less hackily is to separate out the blacklisting logic from the "well formed domain name" logic. Both
WillingToIssuefunctions would call the "well formed domain" logic, but they would have different blacklisting logic