On Jun 24, 2014, at 9:29 AM, Robert Willmann <[email protected]> wrote:
> The argument, that you won't get a certificate for these names from someone > who > is regognized by your browser isn't valid: As you only would use such a > internal domain for your internal network, you would have to create a > internal > CA anyway (and put it in your browsers). You may be much smarter than me, but I have found that establishing and maintaining a full internal PKI is a bit more complicated than purchasing a certificate. Unless you're talking about half-assing it, in which case I'd wonder what the value of the eventual leaf certificates actually are, besides security theater. Is there a use case I am missing where certificates of unknown provenance would be beneficial to operational security? Matt
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
