Though I understand the argumentation behind such an initiative from Microsoft’s side, I think they’re at fault.
If they feel they have good reasons for applying their version of justice (who has or hasn’t the right to a certificate) they should take the proper way to impose their laws.
If they feel so strongly about someone using ‘windowsnotificationcenter’ in a URL, then they should argue that the TLD ‘windowsnotificationcenter.com’ should not be given out in the first place. If so, they would have to convince an Internet registrar to dance to the M$ music, which could require more effort (depending on the registrar) than putting up their power against a US-based organization.
Bear in mind that M$ made a huge mistake in their choice of name. We all knew of the word ‘windows’ long before M$ existed. At least 1000 years before. And yes, we have reasons to use it as the first word in a sentence now and then, thereby spelling it with a capital ‘W’.
If I understand it correctly, there’s now someone holding a TLD (and paying for it), maybe running a business under the mentioned TLD, and suddenly being refused a certificate for the legally held TLD because M$ has deemed it inappropriate?
The fact that a CA agrees to play by M$'s rules and obey M$'s wishes (which admittedly does have some sort of logic to it) means that the CA does two things I disagree with:
- They apply censorship (wasn’t this something we’ve read should not take place?).
- They obey an external company’s policy rules.
What happens next? Someone who runs a business in the name of ‘Schaffter’ (they do exist) which also happens to be my family name, turns over to say that if they can’t object to me holding the schaffter.com TLD, they’ll at least hinder me from getting a cert for it? And the guy holding a TLD including the word ‘electricsaw’ would be refused because some tool company claims they have an ‘electricsawservice’ department?
My opinion:
If I hold a TLD it should be possible for me to hold a cert for the same TLD. If I can’t get a cert, then the root cause should be addressed, i.e. someone trying to refuse me the cert should try to refuse me the TLD, not the certificate.
Let’s Encrypt (and all other CAs) should NOT dance to the music of any external company trying to protect their economic interests. (Don’t even try to convince me about the “for the user’s interest” thing. I’ve been in this business and on this planet too long to believe in that ****.)