Hi Joris,

I think it is all about domain registrars. You cannot prevent anyone from generating a self-signed certificate. That is no problem; they are not trusted by anyone. If you are talking about domain-verified certificates provided (for example) by LetsEncrypt, that will be solved by good registrar policy as well. These certificates are generated only for already available domains. You will not be able to verify your domain unless the registrar adds it into the TLD. If he refuses to add it for a reason, you will not get a trusted certificate for it either.

If registrars do their job well, I think there is no more work required for certificate providers. Do you agree?

Cheers,
Petr

On 22.4.2017 at 21:36, Joris L. via Unbound-users wrote:
> Thanks Paul,
>
> Evidently, indeed. If one registers a name it must be protected in any
> code, ascii, ansi, utf ...
>
> Remains the problem of a man-in-the-middle and self generated
> certificates with legitimate server names, given the rise of free SSL
> certificates, this may be a legitimate concern. It also suggests the
> creation and validation of certificates on the client side must be
> extended to registrars of domain names etc. to warrant safe usage. I've
> not really put much thought in it since I'm not in a position to make a
> difference anyway.
>
> Br,
>
> JL
>
> Sent from ProtonMail mobile
