My apologies to a couple of people on this thread to whom I inadvertently sent private replies. I will paraphrase my replies to those two individuals publicly:
In short, 10.x.x.x or myserver or myserver.local (at least until such time as IANA/ICANN sells .local to the highest bidder) are non-routable over the internet. If I, as an admin with 1000 users on 3000 different devices, wish to obtain a CA-signed cert to suppress browser errors for sites on my LAN for my users, and wish to pay a CA for that convenience rather than paying IANA/ICANN or one of their flunkies (who incidentally perform zero verification when I buy a domain), why should I be prevented from doing so? Because of vulnerabilities in the DNS system, or possibly hijacking of a HOSTS file? It seems to me that DNS vulnerabilities and/or the ability of a malevolent party to alter a HOSTS file are the responsibility of those who code DNS servers and operating systems respectively. Not my responsibility, nor that of the CA.
