On Sat, Jun 27, 2020 at 05:57:45PM -0700, Eric Rescorla wrote:
> On Sat, Jun 27, 2020 at 5:54 PM Toerless Eckert <t...@cs.fau.de> wrote:
>
> > On Sat, Jun 27, 2020 at 05:18:46PM -0700, Eric Rescorla wrote:
> > > Well, I understand you think you explained it, but unfortunately I don't
> > > find that argument persuasive, nor, I suspect, do others.
> > >
> > > The ACP operator can perfectly well set up mailxobxes if he desires to.
> > > >
> > >
> > > And if ACP required the operators to do so, I think that would also
> > resolve
> > > this issue from an IETF perspective (although you still would likely not
> > be
> > > able to get publicly verifiable certificates for this purpose, at least
> > > from any CA in the Mozilla root program, for the reasons I indicated
> > > previously).
> >
> > FInd the email in the thread where i eplained to Russ how a public CA
> > is useless if not dangerous for what the ACP does right now, but it
> > could be quite useful in future extensons, such as for interdomain
> > auhentication via ACMPE S/MIME.
> >
> > Please understand the use case first before thinking that apply
> > Internet public PKI requirements is always the right think to do.
> >
>
> I didn't say any such thing. I merely observed that it would not be
> compatible with the requirements those CAs operate under. That's why I put it
> in
> parentheses.
Thanks.
Cheers
Toerless
> -Ekr
--
---
t...@cs.fau.de
_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
