[dns-operations] FYI: SAC057 - SSAC Advisory on Internal Name Certificates
Phil Regnauld
regnauld at nsrc.org
Fri Mar 15 18:08:39 UTC 2013
Robert Edmonds (edmonds) writes:
>
> i certainly hope the reference to "hr" being a "local" or "internal" or
> "non-unique" name is a mistake and that CAs would absolutely refuse to
> issue certs for names that are the same as a really existing TLD:
>
> http://www.iana.org/domains/root/db/hr.html
Not using FQDNs is foolish and unwarranted - and issuing certificates to
match unqualified names is not improving the general picture.
What I find more disturbing is this:
• Outreach to the CA/B forum7 and CAs, requesting that they treat
applied for new gTLDs as if they were delegated TLDs as soon as
possible, as well as discussing the broader implications and mitigation
steps.
Good luck on that one.
Cheers,
Phil
More information about the dns-operations
mailing list