[cabfpub] [cabfquest] Certificates for Internal server names

Ben Wilson ben at digicert.com
Wed May 22 22:37:43 UTC 2013

No disagreement here.  I think it depends on the term "resolvable" which in our case means capable of being resolved because it is within the publicly routable domain namespace.  That's why I said, "even if it is not reachable from the Internet" later on.  These concepts are best clarified with examples, which is what your response did.  (I once used the term "dotless" name as an example, but you can imagine how quickly I was corrected in this group.)  

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Adam Langley
Sent: Wednesday, May 22, 2013 4:16 PM
To: Ben Wilson
Subject: Re: [cabfpub] [cabfquest] Certificates for Internal server names

On Wed, May 22, 2013 at 6:07 PM, Ben Wilson <ben at digicert.com> wrote:
> According to the Baseline Requirements “Internal Server Name” is one 
> that is “not resolvable using the public DNS.”

This seems, perhaps, a little confusing.

fooserver.corp.example.com may not be "resolvable using the public DNS" because example.com are running a split-horizon DNS and corp.example.com only resolves internally. But I wouldn't call it an internal server name. "fooserver.corp" would be an internal server name.

Is there a disagreement on this point that I wasn't previously aware of?


Public mailing list
Public at cabforum.org

More information about the Public mailing list