Hacker News new | past | comments | ask | show | jobs | submit login

Is there a "standard" TLD for internal use that will also fit this requirement?

The problem here is that there's no such thing as domain ownership, only domain renting. You forget to pay your bill (read: someone loses an email) and a core part of your infrastructure is up in smoke, or worse, taken over by a squatter.




Of course not. If there was a domain reserved for internal use and everyone could get a cert for it, everyone would be able to impersonate your internal hosts.

I don't think there's a way around coming up with a reliable process for renewing your domain. You somehow manage to do it for lots of other things already.


Some years ago, at least one of the popular CAs used to issue certs for RFC1918 IP addresses. Fun times.


It makes no sense to have publicly trusted certificates for names that have no defined legitimate meaning - what is being certified? Nothing. Accordingly no public CA is permitted to issue such certs.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: