[RndTbl] Weird SSL agreement verbiage
Daryl F
wyatt at prairieturtle.ca
Wed Dec 20 20:23:11 CST 2017
On Wed, 20 Dec 2017, Trevor Cordes wrote:
> No hits on the net about this, so I'll pick the MUUG brains instead:
>
> I just bought a new cheapo cert using the newly-acquired-by-GeoTrust-
> who-then-got-acquired-by-Symantec (I think; it's confusing) RapidSSL. I'm
> a fine-print reader... and the confirmation email lists the terms I must
> accept and this one surprised me:
>
> 2. RapidSSL may issue SSL/TLS certificates for sites including one of the
> domain names above as the leftmost label.
>
> Huh? What does that even mean? The more I thought about it, the more it
> sounded suspiciously like they are saying they can issue a cert *to
> someone else* (or themselves) like tecnopolis.otherdomain.com? I'm not
> even sure that makes sense. Maybe I'm reading it incorrectly.
>
> Maybe they're just saying they could issue tecnopolis.us to someone else?
> If so, why even mention that; it goes without saying. No other cert
> vendor I've dealt with has bothered to stipulate that before.
>
> Can anyone else decipher this verbiage? Thanks!
I think they are saying (warning) customers that if they give me a cert
for
daryl.ca
then can also give a cert for some other entity
daryl.ca.cx
just to avoid legal hassles and help customers avoid not-so-helpful
browsers that will tack .com on the end of a domain if the DNS lookup
fails. So if I am running the DNS authority for daryl.ca and it doesn't
respond then dark forces could have a near replica at daryl.ca.com for
whatever nefarious reasons.
-Daryl
More information about the Roundtable
mailing list