[dns-operations] Private domains, X.509 certificates, and CAA records
rharolde at umich.edu
Fri Sep 22 16:12:20 UTC 2017
On Fri, Sep 22, 2017 at 9:39 AM, Andrew Sullivan <ajs at anvilwalrusden.com>
> On Fri, Sep 22, 2017 at 11:58:51AM +0100, James Stevens wrote:
> > If there was some "official" way to create private TLDs
> There is. Create a PDP in ICANN.
> You are talking about management of labels in the context of the root
> zone of the DNS (as opposed to labels that are not in the DNS context
> even though they are domain names). That's something ICANN manages.
> > , then its possible
> > the certificate authorities would be happy to start issuing certs for
> I don't believe they ever will, for the reasons others have already
> noted. You might find comparison with the case of .onion informative.
> Best regards,
> Andrew Sullivan
> ajs at anvilwalrusden.com
Interesting. Do the CA's lookup CAA records in .onion domains? That might
be a reasonable proof of ownership.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations