[dns-operations] Private domains, X.509 certificates, and CAA records

Andrew Sullivan ajs at anvilwalrusden.com
Fri Sep 22 13:39:49 UTC 2017

On Fri, Sep 22, 2017 at 11:58:51AM +0100, James Stevens wrote:
> If there was some "official" way to create private TLDs

There is.  Create a PDP in ICANN.

You are talking about management of labels in the context of the root
zone of the DNS (as opposed to labels that are not in the DNS context
even though they are domain names).  That's something ICANN manages.

> , then it's possible
> the certificate authorities would be happy to start issuing certs for them.

I don't believe they ever will, for the reasons others have already
noted.  You might find comparison with the case of .onion informative.

