[cabfpub] ICANN, gTLD, internal names

Geoff Keating geoffk at apple.com
Fri Mar 15 15:27:27 MST 2013


One thing that does affect CAs is that if a heavily used internal TLD like .corp is made global, then there's still the possibility of conflict between an internal CA and a cert that a global CA issues.

For example, suppose Widgets Inc. uses widget.corp internally.  They have an internal CA and have issued a cert to www.widget.corp.  Now suppose ICANN allocates .corp and someone else registers widget.corp.  Even after 2016, that someone else can get a cert from a CABforum CA for www.widget.corp (since they own it) and then use that cert to attack Widgets Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4316 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20130315/8519b504/attachment.bin 


More information about the Public mailing list