I didn't downvote you, but there are different reasons why you would like to use a wildcard certificate and even if those reasons are not aligned with your goals they shouldn't be dismissed.
I know two, at least. For a small communitary school in my city, teachers and students keep blogs in a wordpress multi user server, for storing data or doing webdev examples. They have a subdomain setup and cannot use ssl as the domain name will always be unknown by the person who creates the blog and the wildcard is too expensive for something they do in their free time.
I'm sure your points are valid, but you cannot define the thread model of others so easy. And don't get mad by downvotes, upvoting or downvoting is pretty boring
I know two, at least. For a small communitary school in my city, teachers and students keep blogs in a wordpress multi user server, for storing data or doing webdev examples. They have a subdomain setup and cannot use ssl as the domain name will always be unknown by the person who creates the blog and the wildcard is too expensive for something they do in their free time.
Sandstorm uses unknown subdomains as a way to avoid possible security issues https://docs.sandstorm.io/en/latest/administering/wildcard/#...
I'm sure your points are valid, but you cannot define the thread model of others so easy. And don't get mad by downvotes, upvoting or downvoting is pretty boring