> From: Tony Finch <[email protected]>
> Another reason not to use made-up domain names: CAs are going to stop
> issuing X.509 certificates for them. (It baffles me why they ever did so.)
> http://ssl.entrust.net/blog/?p=1831
That's another reason to publish your own DANE records including
TLSA and SMIMEA.
Also consider this comment in that announcement:
This issue is particularly a problem with Microsoft Exchange
users where non-FQDN names are used frequently
I wish that would be enough to get Microsoft to teach Exchange to
use DANE.
Why am I not surprised to see that the "recommended solutions" of
https://www.cabforum.org/Guidance-Deprecated-Internal-Names.pdf linked
from that Entrust.net web page mentions DANE or DNSSEC not at all but
does include some less plausible "solutions"?
Vernon Schryver [email protected]
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
