Reply to post: Subdomain security

Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops

Claptrap314 Silver badge

Subdomain security

I'm no OpsE, but I don't quite understand the problem with subdomain maintenance, assuming that you are set up as a CA. I know my previous post arguing that everyone should be a CA had a mixed voting response, but this is precisely the class of thing that can and should be automated into oblivion. With your own CA, you can issue and revoke subdomain certs at will. If someone, somewhere, is on the hook to assert the continuing need for each subdomain in the business, then if they fail to assert, the automated process to remove the domain begins. (Warning email to them and their supervisor, wait X days...)

Yes, this is work to set up, but magnitudes less than cleaning up after a hijacking.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021