[dns-operations] FYI: SAC057 - SSAC Advisory on Internal Name Certificates
Kim Davies
kim.davies at icann.org
Fri Mar 15 21:15:49 UTC 2013
On Mar 15, 2013, at 10:57 AM, Robert Edmonds <edmonds at isc.org> wrote:
>
> i certainly hope the reference to "hr" being a "local" or "internal" or
> "non-unique" name is a mistake and that CAs would absolutely refuse to
> issue certs for names that are the same as a really existing TLD:
>
> http://www.iana.org/domains/root/db/hr.html
We get a steady stream of requests from CAs to endorse certificates for non-existent
hosts under .int, because .int is used as the applicant's internal network.
On the bright side, these are CAs that are at least making an effort to check with the
registry for a definitive answer.
kim
More information about the dns-operations
mailing list