Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] SSL-certificates for OpenNIC based TLDs

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] SSL-certificates for OpenNIC based TLDs


Chronological Thread 
  • From: Jonah Aragon <jonaharagon AT gmail.com>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] SSL-certificates for OpenNIC based TLDs
  • Date: Sun, 20 Nov 2016 09:54:34 -0600
  • Archived-at: <https://lists.opennicproject.org/sympa/arcsearch_id/discuss/2016-11/CABpHFPVy8N_G5MryMRkAA81Cm%2BPEO4_FgRHZCV7BrNW161KE%3Dw%40mail.gmail.com>
  • List-archive: <https://lists.opennicproject.org/sympa/arc/discuss>
  • List-id: <discuss.lists.opennicproject.org>

I personally think that ideally, OpenNIC will create a CA and issue Intermediate CAs to each TLD operator, and then immediately step back and let TLD operators design and govern how their CA is used.

OpenNIC will reserve the right to revoke any Intermediate CA, but after that all responsibility is on the TLD operators to issue, revoke, and even sign other Intermediate CAs under them.

A setup like that would ensure OpenNIC doesn't operate as anything other than as a basic infrastructure setup, while still holding the power to punish abuse by any TLD operator. This seems to be the most in line to OpenNIC's core ideals.

A more pressing matter would be how the private keys for the root CA are stored, I don't think we can trust any one person with that task. Some thought would have to be given to that system.

Jonah


On Nov 20, 2016 4:37 AM, "yanosz" <opennic AT yanosz.net> wrote:
Hello folks,

short one: Are there any ways to get TLS / SSL certificates for
non-ICANN TLDs, suche as OpenNIC ones?
Is there any CA issuing these certificates?

Thanks,
yanosz
--
For those of you without hope, we have rooms with color TV,
cable and air conditioning



--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org



--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org



Archive powered by MHonArc 2.6.19.

Top of Page