[dns-operations] FYI: SAC057 - SSAC Advisory on Internal Name Certificates

Steve Sheng steve.sheng at icann.org
Fri Mar 15 18:14:06 UTC 2013

-----Original Message-----
From: Phil Regnauld <regnauld at nsrc.org>
Date: Friday, March 15, 2013 2:08 PM
To: "dns-operations at mail.dns-oarc.net" <dns-operations at mail.dns-oarc.net>
Subject: Re: [dns-operations] FYI: SAC057 - SSAC Advisory on Internal Name

>Robert Edmonds (edmonds) writes:
>> i certainly hope the reference to "hr" being a "local" or "internal" or
>> "non-unique" name is a mistake and that CAs would absolutely refuse to
>> issue certs for names that are the same as a really existing TLD:
>>     http://www.iana.org/domains/root/db/hr.html
>    Not using FQDNs is foolish and unwarranted - and issuing certificates
>    match unqualified names is not improving the general picture.
>    What I find more disturbing is this:
>€ Outreach to the CA/B forum7 and CAs, requesting that they treat
>applied for new gTLDs as if they were delegated TLDs as soon as
>possible, as well as discussing the broader implications and mitigation
>    Good luck on that one.

Thanks Phil, 

  Appendix A and B of the report shows that CA/B already taken action with
ballot 96. 


>    Cheers,
>    Phil
>dns-operations mailing list
>dns-operations at lists.dns-oarc.net
>dns-jobs mailing list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5023 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130315/43099d15/attachment.bin>

More information about the dns-operations mailing list