View Issue Details

IDProjectCategoryView StatusLast Update
0000792Main CAcert Websitecertificate issuingpublic2013-01-15 23:17
Reporteriang Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
Summary0000792: addition of non-routable IANA numbers as member domains
DescriptionA member can add a domain 10.0.0.1 or 192.168.1.1, etc. These are reserved by IANA for local / non-routable purposes. Consequently, when doing a whois on these numbers, the results report IANA as the owner. When a ping check is launched, this results in a ticket in IANA's support system, which generates a standard response message back to support. Approximately one per month. Annoying to all.
Additional InformationIt is not entirely clear what the business case for delivering certs to local numbers is. They do provide some local security, but they are re-usable in other people's networks. Or, if being used, any other person can get one too by asking. So they are somewhat equivalent to self-signed certs.

There is a vociferous minority over at Mozilla that wants to ban them.
TagsNo tags attached.
Reviewed by
Test Instructions

Relationships

related to 0000325 closed Adding the ability for CAcert admins to blacklist domain names from being verified 
related to 0000290 closedSourcerer blacklist for registrar email addresses in the whois addresses 
has duplicate 0000915 closedNEOatNHNG Domain request with ip numbers are sent to IANA 

Activities

INOPIAE

2011-05-17 21:50

updater   ~0001965

see ticket s20110517.82 and s20110517.87

I requestetd the header of the original Mail

Received: from wwwmail.cacert.org (cacert.org [IPv6:2001:7b8:3:9c::245] (may be
forged)) by pechora7.dc.icann.org (8.13.8/8.13.8) with ESMTP id p4HF4Sd3012757
for <abuse@iana.org>; Tue, 17 May 2011 11:04:48 -0400
Received: from http://www.cacert.org (localhost [127.0.0.1]) by wwwmail.cacert.org
(Postfix) with SMTP id 7BEDFB01D9 for <abuse@iana.org>; Tue, 17 May 2011
16:40:18 +0200 (CEST)
Subject: [CAcert.org] Email Probe
Sender: returns@cacert.org
Date: Tue, 17 May 2011 16:40:18 +0200 (CEST)
To: abuse@iana.org
From: support@cacert.org

NEOatNHNG

2011-05-17 21:58

administrator   ~0001966

Proposed solution: disallow certs for IP addresses alltogether

Issue History

Date Modified Username Field Change
2009-11-21 21:12 iang New Issue
2009-11-22 11:11 iang Relationship added related to 0000325
2009-11-22 11:12 iang Relationship added related to 0000290
2011-05-17 18:37 NEOatNHNG Relationship added has duplicate 0000915
2011-05-17 21:50 INOPIAE Note Added: 0001965
2011-05-17 21:58 NEOatNHNG Note Added: 0001966
2013-01-15 23:17 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 416d776e