use @code{SubjectAltName} extension), you can still make a decision to
forcefully trust the domain.
+@item
+CAs can have restrictions on what domains they are allowed to be served.
+
@item
Optional @url{https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities, DANE-EE} check.
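Review bot: The sentence in the added @item ("CAs can have restrictions on what domains they are allowed to be served.") is ambiguous: it reads as if CAs are the thing being served. If the intent is that trust in a given CA can be limited to certain domains, say so directly, for example "Trust in a CA can be restricted to specific domains." Consider also adding a cross-reference from this item to the section pulled in by restricted.texi, so that the feature list points to the place where the restriction is documented.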
@include spies.texi
@include certs.texi
@include tlsauth.texi
+@include restricted.texi
@include httpauth.texi
@include warcs.texi
@include gemini.texi
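Review bot: The added "@include restricted.texi" line references a file that is not among the visible lines of this patch. Confirm that restricted.texi is added in the same commit. If the including document keeps an explicit @menu, the new node also needs an entry there, in the same position it takes in this include list (between tlsauth and httpauth).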