Though I understand the argumentation behind such initiative from Microsoftâs side, I think theyâre at fault.
If they feel they have good reasons for applying their version of justice (who has or hasnât the right to a certificate) they should take the proper way to impose their laws.
If they feel so strongly about someone using âwindowsnotificationcenterâ in a URL, then they should argue that the TLD âwindowsnotificationcenter.comâ should not be given out in the first hand. If so, they would have to convince an Internet registrar to dance the M$ music, which could require more efforts (depending on the registrar) than putting up their power against a US based organization.
Bear in mind that M$ did a huge mistake in their choice of name. We all knew of the word âwindowsâ long before M$ existed. At least 1000 years before. And yes, we have reasons to use it as the first word in a sentence now and then, thereby spelling it with a capital âWâ.
If I understand it correctly, thereâs now someone holding a TLD (and paying for it), maybe running a business under the mentioned TLD, and suddenly being refused a certificate for the legally held TLD because M$ has deemed it inappropriate?
The fact that a CA accepts to play by M$'s rules and obey to M$'s wishes (which admittedly does have some sort of logic to it) means that the CA does two things I disagree about:
- They apply censorship (wasnât this something weâve read should not take place?).
- They obey to an external companyâs policy rules.
What happens next? Someone who runs a business in the name of âSchaffterâ (they do exist) which also happens to be my family name, turns over to say that if they canât object to me holding the schaffter.com TLD, theyâll at least hinder me from getting a cert for it? And the guy holding a TLD including the word âelectricsawâ would be refused because some tool company claims they have an âelectricsawserviceâ department?
My opinion :
If I hold a TLD it should be possible for me to hold a cert for the same TLD. If I canât get a cert, then the root case should be addressed, i.e. someone trying to refuse me the cert should try to refuse me the TLD, not the certificate.
Letâs Encrypt (and all other CAâs) should NOT dance to the music of any external company trying to protect their economical interests (Donât even try to convince me about the âfor the userâs interestâ thing. Iâve been in this business and on this planet too long to believe in that ****.)