[SSL Observatory] certificates for .local names [was: Re: DFN and subordinate CA domain-scoped whitelists]
Erwann ABALEA
erwann at abalea.com
Wed Nov 9 09:21:26 PST 2011
"Unified Communications", stupid software vendors, customer pressure.
Some CAs refuse to deliver such certificates and either lose money or
manage to educate the client.
2011/11/9 Daniel Kahn Gillmor <dkg at fifthhorseman.net>:
[...]
> I note that of the CAs who issued .local certs in the last month before
> the dataset was gathered, we have:
>
> * thawte
> * verisign
> * comodo
> * godaddy
> * register.com
> * starfield
> * geotrust
> * globalsign
> * usertrust
> * digicert
>
> It's a who's who of major CAs directly issuing these things, not
> subordinate CAs.
>
> Am i wrong in thinking that this makes the "please recount the number of
> CAs" concern seem like a distraction from deeper issues?
>
> Is there some reason that a legit CA should be certifying names in the
> .local zone at all?
--
Erwann.
More information about the Observatory
mailing list