Discuss mailing list

[Blixa Morgan <blixa AT projectmakeit.com>]

Actually, from a cert signing side, Let's encrypt should have a master cert that is valid for anything, including non-icann domains.  What would prevent it from working is their domain validation service, which will attempt to connect to the domain name before approving the certificate.  Since they do not currently use opennic on their let's encrypt servers, they would get a DNS failure.

So all we would need to do is get them to set up a validation server that uses opennic, and all should be good.

On Sun, Apr 3, 2016, 17:59 Carlo Stemberger <carlo.stemberger AT gmail.com> wrote:

2016-04-03 21:42 GMT+02:00 Neal J. de Waard <inewbcake AT gmail.com>:

No, they cannot issue certs to domains under TLDs not recognized by ICANN

That's a pity. I see two possible solutions:

1) convince them to certify (at least) OpenNIC domains

2) create an alternative and convince Mozilla, Google etc. to consider their certificates as valid

Ciao!

Carlo

--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

--

-------------------------------------------
Q: Why is this email five sentences or less?
A: http://five.sentenc.es