On 2010-06-30 14:43, Peter Saint-Andre wrote:
> Correct. Here's the rub:
> mail.hostingprovider would have to be configured with that
> certificate (with the co-operation of example.com).
> In most cases, the admins of example.com don't want to trust
> hostingprovider.com with their private keys, and the admins of
> hostingprovider.com don't want the legal liability of holding private
> keys for example.com either.

But mail.hostingprovider never needs the private keys for example.com -
all they need is a cert signed by example.com. The TLS client can tell
hostingprovider which cert to present, so they can have different ones
for each client (of course, mine doesn't do that, but they could).