[dns-operations] Private domains, X.509 certificates, and CAA records

Bob Harold rharolde at umich.edu
Fri Sep 22 16:12:20 UTC 2017


On Fri, Sep 22, 2017 at 9:39 AM, Andrew Sullivan <ajs at anvilwalrusden.com>
wrote:

> On Fri, Sep 22, 2017 at 11:58:51AM +0100, James Stevens wrote:
> > If there was some "official" way to create private TLDs
>
> There is.  Create a PDP in ICANN.
>
> You are talking about management of labels in the context of the root
> zone of the DNS (as opposed to labels that are not in the DNS context
> even though they are domain names).  That's something ICANN manages.
>
> > , then it's possible
> > the certificate authorities would be happy to start issuing certs for
> > them.
>
> I don't believe they ever will, for the reasons others have already
> noted.  You might find comparison with the case of .onion informative.
>
> Best regards,
>
> A
>
> --
> Andrew Sullivan
> ajs at anvilwalrusden.com
>

Interesting.  Do the CAs look up CAA records in .onion domains?  That might
be a reasonable proof of ownership.

-- 
Bob Harold