[dns-operations] Private domains, X.509 certificates, and CAA records

Tony Finch dot at dotat.at
Fri Sep 22 11:29:36 UTC 2017

James Stevens <James.Stevens at jrcs.co.uk> wrote:
> If there was some "official" way to create private TLDs, then its possible the
> certificate authorities would be happy to start issuing certs for them.

No, they won't, because it would create vulnerabilities by allowing one
organization to get certificates corresponding to internal names within a
different organization. The CAs have to prevent name collisions, which
requires a global registration system, such as the public DNS.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Southeast Fitzroy: Northerly, backing southwesterly, 5 or 6. Moderate,
occasionally rough later. Fair. Good.

More information about the dns-operations mailing list