On 02/28/2013 01:14 PM, Tony Finch wrote:
> Robert Moskowitz <r...@htt-consult.com> wrote:
>
>> Feb 28 12:14:16 klovia named[22332]:   validating @0xb421ba30: htt SOA: got insecure response; parent indicates it should be secure
>
> I think this suggests that one of the servers for htt doesn't have the
> signed version.
>
> Another reason not to use made-up domain names: CAs are going to stop
> issuing X.509 certificates for them. (It baffles me why they ever did so.)
> http://ssl.entrust.net/blog/?p=1831

Day job disclaimer: I work for Verizon Enterprise Systems. We have a group that provides LOTS of server certs and is the leader in client certs and attend HIMSS next week for more announcements.

But that said, my personal position is: a made-up domain name should never leak, and thus why are you getting a public cert for it? Run your own CA, add it to your trusted list and do what you got to do.

As to why they did so? It is called money.

But this is a different subject. Enough down this rat hole.