On Sat, 18 Oct 2025, Alessandro Vesely via mailop wrote:
On Mon 13/Oct/2025 07:29:50 +0200 Marco Moock wrote:
On 13.10.2025 14:17 Viktor Dukhovni via mailop <[email protected]> wrote:
Therefore, in the context of MTA-to-MTA (port 25) email relaying, a client
certificate could perhaps be used as a lookup key for client reputation,
that could be more robust than an IP address. And the DANCE working group
client id draft:
For which use case?
A spammer might just get various certificates for different host names via
letsencrypt.
A useful use case would be to certify when a domain/organization began
operations. RDAP records are difficult to obtain for domain names, and IP
numbers don't have an active-from field.
Certificates have start and end date. However, the not-before date is moved
forward each time the certificate is renewed. It would be helpful to know
how long a domain has been certified, because the reputation of recently
published domains is not meaningful.
How much trust should we put in the not-before date of a self-signed
certificate?
--
Andrew C. Aitchison Kendal, UK
[email protected]