[dns-operations] FYI: SAC057 - SSAC Advisory on Internal Name Certificates

Steve Sheng steve.sheng at icann.org
Fri Mar 15 18:14:06 UTC 2013


-----Original Message-----
From: Phil Regnauld <regnauld at nsrc.org>
Date: Friday, March 15, 2013 2:08 PM
To: "dns-operations at mail.dns-oarc.net" <dns-operations at mail.dns-oarc.net>
Subject: Re: [dns-operations] FYI: SAC057 - SSAC Advisory on Internal Name
Certificates

>Robert Edmonds (edmonds) writes:
>> 
>> i certainly hope the reference to "hr" being a "local" or "internal" or
>> "non-unique" name is a mistake and that CAs would absolutely refuse to
>> issue certs for names that are the same as a really existing TLD:
>> 
>>     http://www.iana.org/domains/root/db/hr.html
>
>    Not using FQDNs is foolish and unwarranted - and issuing certificates to
>    match unqualified names is not improving the general picture.
>
>    What I find more disturbing is this:
>
>
>    • Outreach to the CA/B forum and CAs, requesting that they treat
>      applied for new gTLDs as if they were delegated TLDs as soon as
>      possible, as well as discussing the broader implications and mitigation
>      steps.
>
>    Good luck on that one.


Thanks Phil, 

  Appendix A and B of the report show that CA/B has already taken action with
ballot 96.

Steve



>
>    Cheers,
>    Phil
>