[dns-operations] FYI: SAC057 - SSAC Advisory on Internal Name Certificates

Kim Davies kim.davies at icann.org
Fri Mar 15 21:15:49 UTC 2013

On Mar 15, 2013, at 10:57 AM, Robert Edmonds <edmonds at isc.org> wrote:
> i certainly hope the reference to "hr" being a "local" or "internal" or
> "non-unique" name is a mistake and that CAs would absolutely refuse to
> issue certs for names that are the same as a really existing TLD:
>    http://www.iana.org/domains/root/db/hr.html

We get a steady stream of requests from CAs to endorse certificates for non-existent
hosts under .int, because .int is used as the applicant's internal network.

On the bright side, these are CAs that are at least making an effort to check with the
registry for a definitive answer.


More information about the dns-operations mailing list