Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] SSL-certificates for OpenNIC based TLDs

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] SSL-certificates for OpenNIC based TLDs


Chronological Thread 
    < Chronological >      < Thread >
  • From: Jonah Aragon <jonaharagon AT gmail.com>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] SSL-certificates for OpenNIC based TLDs
  • Date: Sun, 20 Nov 2016 08:37:09 -0600
  • Archived-at: <https://lists.opennicproject.org/sympa/arcsearch_id/discuss/2016-11/CABpHFPU9h0KSAawVZ9-T%3Dq2nggmsGgFVdLWoQK4R8U%2BcX7FM0w%40mail.gmail.com>
  • List-archive: <https://lists.opennicproject.org/sympa/arc/discuss>
  • List-id: <discuss.lists.opennicproject.org>


> We could (and probably should) roll our own CA for OpenNIC TLDs, perhaps with an intermediate for each TLD or something and then give out those certs (ideally together with the registrations of the domains). When someone goes on to configure their DNS to OpenNIC servers it shouldn't be much harder to also add a trusted CA to their certificate store.

This was my thought on the IRC channel and I think it's the best option we have for distributing certificates.

While adding a CA requires trust from the user, so does changing DNS servers, since we could potentially redirect google.com, paypal.com, or any other domain to wherever we'd like. The OpenNIC community is built on trust and it's worked out so far. If it ever comes down to a vote whether or not we make a CA, I'd definitely vote yes.

Jonah



--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

Archive powered by MHonArc 2.6.19.

Top of Page