Discuss mailing list

[Amunak <amunak AT amunak.net>]

They shouldn't really exist as the CA/Browser forum requirements for CAs state that the CA should verify the ownership of the domain(s) that the certificate is issued to. And since OpenNIC domains aren't recognized by them (and we could technically make up any TLD that ICANN later registers or even conflicting one right now) they cannot allow that.

We could (and probably should) roll our own CA for OpenNIC TLDs, perhaps with an intermediate for each TLD or something and then give out those certs (ideally together with the registrations of the domains). When someone goes on to configure their DNS to OpenNIC servers it shouldn't be much harder to also add a trusted CA to their certificate store.

It would however require a lot of buerocracy on our part (as in writing at least some guidelines and such).

Amunak

On 20.11.2016 11:36, yanosz wrote:

Hello folks,

short one: Are there any ways to get TLS / SSL certificates for
non-ICANN TLDs, suche as OpenNIC ones?
Is there any CA issuing these certificates?

Thanks,
yanosz

--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org