[RndTbl] Weird SSL agreement verbiage

Daryl F wyatt at prairieturtle.ca
Wed Dec 20 20:23:11 CST 2017


On Wed, 20 Dec 2017, Trevor Cordes wrote:

> No hits on the net about this, so I'll pick the MUUG brains instead:
>
> I just bought a new cheapo cert using the newly-acquired-by-GeoTrust-
> who-then-got-acquired-by-Symantec (I think; it's confusing) RapidSSL.  I'm 
> a fine-print reader... and the confirmation email lists the terms I must 
> accept and this one surprised me:
>
> 2. RapidSSL may issue SSL/TLS certificates for sites including one of the 
> domain names above as the leftmost label.
>
> Huh?  What does that even mean?  The more I thought about it, the more it 
> sounded suspiciously like they are saying they can issue a cert *to 
> someone else* (or themselves) like tecnopolis.otherdomain.com?  I'm not 
> even sure that makes sense.  Maybe I'm reading it incorrectly.
>
> Maybe they're just saying they could issue tecnopolis.us to someone else? 
> If so, why even mention that; it goes without saying.  No other cert 
> vendor I've dealt with has bothered to stipulate that before.
>
> Can anyone else decipher this verbiage?  Thanks!


I think they are saying (warning) customers that if they give me a cert for
    daryl.ca

then they can also give a cert for some other entity
    daryl.ca.cx

just to avoid legal hassles and help customers avoid not-so-helpful 
browsers that will tack .com on the end of a domain if the DNS lookup 
fails. So if I am running the DNS authority for daryl.ca and it doesn't 
respond then dark forces could have a near replica at daryl.ca.com for 
whatever nefarious reasons.

-Daryl
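
The look-alike pattern described in the reply above (a domain reappearing as the leftmost labels of a longer name in a different zone, such as daryl.ca.cx) can be checked for in any list of hostnames a domain owner collects. This is an added example, not part of the original post; the function names and the sample list are assumptions constructed for illustration.

```python
# Added example: flag hostnames that reuse a protected domain as their
# leftmost labels. Hostnames in SAMPLE_NAMES are constructed sample data.

def normalize(name):
    """Lower-case, drop a trailing dot and a leading wildcard; return labels."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name.split(".") if name else []

def classify(hostname, protected):
    """Return 'exact', 'subdomain', 'leftmost-lookalike' or 'unrelated'."""
    host = normalize(hostname)
    own = normalize(protected)
    if not host or not own:
        return "unrelated"
    if host == own:
        return "exact"
    n = len(own)
    # Compare whole labels, so daryl.cat never matches daryl.ca.
    if len(host) > n and host[-n:] == own:
        return "subdomain"           # e.g. www.daryl.ca, still inside our zone
    if len(host) > n and host[:n] == own:
        return "leftmost-lookalike"  # e.g. daryl.ca.cx, someone else's zone
    return "unrelated"

def find_lookalikes(hostnames, protected_domains):
    """Return (hostname, protected_domain) pairs that are look-alikes."""
    return [(h, p) for h in hostnames for p in protected_domains
            if classify(h, p) == "leftmost-lookalike"]

SAMPLE_NAMES = [
    "daryl.ca", "www.daryl.ca", "daryl.ca.cx", "DARYL.CA.COM.",
    "*.daryl.ca.cx", "notdaryl.ca", "daryl.cat", "mydaryl.ca.cx",
]

if __name__ == "__main__":
    for host, dom in find_lookalikes(SAMPLE_NAMES, ["daryl.ca"]):
        print(f"{host} reuses {dom} as its leftmost labels")
```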

