[dns-operations] FYI: SAC057 - SSAC Advisory on Internal Name Certificates

Phil Regnauld regnauld at nsrc.org
Fri Mar 15 18:08:39 UTC 2013

Robert Edmonds (edmonds) writes:
> i certainly hope the reference to "hr" being a "local" or "internal" or
> "non-unique" name is a mistake and that CAs would absolutely refuse to
> issue certs for names that are the same as a really existing TLD:
>     http://www.iana.org/domains/root/db/hr.html

    Not using FQDNs is foolish and unwarranted - and issuing certificates to
    match unqualified names is not improving the general picture.

    What I find more disturbing is this:

• Outreach to the CA/B forum7 and CAs, requesting that they treat
applied for new gTLDs as if they were delegated TLDs as soon as
possible, as well as discussing the broader implications and mitigation

    Good luck on that one.


More information about the dns-operations mailing list