[cabfpub] [cabfquest] Certificates for Internal server names
ben at digicert.com
Wed May 22 22:37:43 UTC 2013
No disagreement here. I think it depends on the term "resolvable" which in our case means capable of being resolved because it is within the publicly routable domain namespace. That's why I said, "even if it is not reachable from the Internet" later on. These concepts are best clarified with examples, which is what your response did. (I once used the term "dotless" name as an example, but you can imagine how quickly I was corrected in this group.)
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Adam Langley
Sent: Wednesday, May 22, 2013 4:16 PM
To: Ben Wilson
Subject: Re: [cabfpub] [cabfquest] Certificates for Internal server names
On Wed, May 22, 2013 at 6:07 PM, Ben Wilson <ben at digicert.com> wrote:
> According to the Baseline Requirements “Internal Server Name” is one
> that is “not resolvable using the public DNS.”
This seems, perhaps, a little confusing.
fooserver.corp.example.com may not be "resolvable using the public DNS" because example.com are running a split-horizon DNS and corp.example.com only resolves internally. But I wouldn't call it an internal server name. "fooserver.corp" would be an internal server name.
Is there a disagreement on this point that I wasn't previously aware of?
Public mailing list
Public at cabforum.org
More information about the Public