[dns-operations] FYI: SAC057 - SSAC Advisory on Internal Name Certificates
Steve Sheng
steve.sheng at icann.org
Fri Mar 15 18:14:06 UTC 2013
-----Original Message-----
From: Phil Regnauld <regnauld at nsrc.org>
Date: Friday, March 15, 2013 2:08 PM
To: "dns-operations at mail.dns-oarc.net" <dns-operations at mail.dns-oarc.net>
Subject: Re: [dns-operations] FYI: SAC057 - SSAC Advisory on Internal Name
Certificates
>Robert Edmonds (edmonds) writes:
>>
>> i certainly hope the reference to "hr" being a "local" or "internal" or
>> "non-unique" name is a mistake and that CAs would absolutely refuse to
>> issue certs for names that are the same as a really existing TLD:
>>
>> http://www.iana.org/domains/root/db/hr.html
>
> Not using FQDNs is foolish and unwarranted - and issuing certificates
>to
> match unqualified names is not improving the general picture.
>
> What I find more disturbing is this:
>
>
>€ Outreach to the CA/B forum7 and CAs, requesting that they treat
>applied for new gTLDs as if they were delegated TLDs as soon as
>possible, as well as discussing the broader implications and mitigation
>steps.
>
> Good luck on that one.
Thanks Phil,
Appendix A and B of the report shows that CA/B already taken action with
ballot 96.
Steve
>
> Cheers,
> Phil
>
>_______________________________________________
>dns-operations mailing list
>dns-operations at lists.dns-oarc.net
>https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>dns-jobs mailing list
>https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5023 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130315/43099d15/attachment.bin>
More information about the dns-operations
mailing list