On 10/15/2019 4:23 PM, Valdis Klētnieks wrote:
> On Tue, 15 Oct 2019 12:52:18 -0400, Hector Santos said:
>
> > But it just dawned on me, should a site like the above domain be trusted
> > as a TTP (Trusted Third Party) CA? The bundle can contain TTP
> > "posers." For that matter, why should the user trust any CA anyway?
>
> If there were a small number of top-level CAs of irreproachable reputation,
> it would be one thing. But when the bar is low enough that there's 600+
> organizations that qualify....

The old centralization vs decentralization dilemma.

The technical security aspect of encryption is no longer good enough
-- certs now have to be CA-signed. What concerns me is when
self-signed certs will be technically degraded (for many reasons,
including DPI overhead). I am seeing it at a localized (HTTPS) level.
I predict this is going to be a big problem. For SMTP, we don't have
the same Browser/CA market control.

Thanks Valdis and Arnt.

P.S. What is the end result of all this?

ietf-smtp mailing list