[Top] [All Lists]

Re: [ietf-smtp] [OT] (signed TLDs)

2019-10-15 20:37:24
On 10/15/2019 4:23 PM, Valdis Klētnieks wrote:
On Tue, 15 Oct 2019 12:52:18 -0400, Hector Santos said:

But it just dawn on me, should a site like the above domain be trusted
as a TTP (Trusted Third Party) CA?  The bundle can contain TTP
"posers."   For that matter, why should the user trust any CA anyway?

If there were a small number of top-level CAs of irreproachable reputation,
it wold be one thing. But when the bar is low enough that there's 600+
organizations that qualify....

The old centralization vs decentralization dilemma.

The technical security aspect of encryption is no longer good enough -- certs now have to be CA-signed now. What concerns me is when self-signed certs will be technically degraded (for many reasons, including DPI overhead). I am seeing it at a localized (HTTPS) level. I predict this is going to be a big problem. For SMTP, we don't have the same Browser/CA market control.

Thanks Valdis and Arnt.

P.S.  What is the end result of all this?


ietf-smtp mailing list