On Sat, Jun 27, 2020 at 5:54 PM Toerless Eckert <t...@cs.fau.de> wrote:
> On Sat, Jun 27, 2020 at 05:18:46PM -0700, Eric Rescorla wrote: > > Well, I understand you think you explained it, but unfortunately I don't > > find that argument persuasive, nor, I suspect, do others. > > > > The ACP operator can perfectly well set up mailxobxes if he desires to. > > > > > > > And if ACP required the operators to do so, I think that would also > resolve > > this issue from an IETF perspective (although you still would likely not > be > > able to get publicly verifiable certificates for this purpose, at least > > from any CA in the Mozilla root program, for the reasons I indicated > > previously). > > FInd the email in the thread where i eplained to Russ how a public CA > is useless if not dangerous for what the ACP does right now, but it > could be quite useful in future extensons, such as for interdomain > auhentication via ACMPE S/MIME. > > Please understand the use case first before thinking that apply > Internet public PKI requirements is always the right think to do. > I didn't say any such thing. I merely observed that it would not be compatible with the requirements those CAs operate under. That's why I put it in parentheses. -Ekr
_______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima