Hi Andrew,

Thanks for a really thoughtful analysis here!

On Tue, Sep 17, 2024 at 11:13 AM Andrew Ayer via Servercert-wg <[email protected]> wrote:

> Delegating DNS records using CNAME (e.g. with [3]) is
> better, but not as easy because it requires the subscriber to operate
> public-facing infrastructure.

I had understood that SCWG's BRs and the issuance of web PKI certs was indeed intended to only be for internet-accessible infrastructure anyway. Is it really a problem that SCWG needs to solve if people are trying to piggyback off the web PKI for their internal systems, rather than manage their own PKI model? This could be yet another nudge for people to stop doing that, which IMO would be a positive side-effect and not a counter-argument.

Mike
_______________________________________________
Servercert-wg mailing list
[email protected]
https://lists.cabforum.org/mailman/listinfo/servercert-wg
