[dns-operations] Private domains, X.509 certificates, and CAA records
Bob Harold
rharolde at umich.edu
Fri Sep 22 16:12:20 UTC 2017
On Fri, Sep 22, 2017 at 9:39 AM, Andrew Sullivan <ajs at anvilwalrusden.com>
wrote:
> On Fri, Sep 22, 2017 at 11:58:51AM +0100, James Stevens wrote:
> > If there was some "official" way to create private TLDs
>
> There is. Create a PDP in ICANN.
>
> You are talking about management of labels in the context of the root
> zone of the DNS (as opposed to labels that are not in the DNS context
> even though they are domain names). That's something ICANN manages.
>
> > , then its possible
> > the certificate authorities would be happy to start issuing certs for
> them.
>
> I don't believe they ever will, for the reasons others have already
> noted. You might find comparison with the case of .onion informative.
>
> Best regards,
>
> A
>
> --
> Andrew Sullivan
> ajs at anvilwalrusden.com
>
Interesting. Do the CA's lookup CAA records in .onion domains? That might
be a reasonable proof of ownership.
--
Bob Harold
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170922/1a9cde85/attachment.html>
More information about the dns-operations
mailing list