Discuss mailing list

[Jonah Aragon <jonaharagon AT gmail.com>]

I personally think that ideally, OpenNIC will create a CA and issue Intermediate CAs to each TLD operator, and then immediately step back and let TLD operators design and govern how their CA is used.

OpenNIC will reserve the right to revoke any Intermediate CA, but after that all responsibility is on the TLD operators to issue, revoke, and even sign other Intermediate CAs under them.

A setup like that would ensure OpenNIC doesn't operate as anything other than as a basic infrastructure setup, while still holding the power to punish abuse by any TLD operator. This seems to be the most in line to OpenNIC's core ideals.

A more pressing matter would be how the private keys for the root CA are stored, I don't think we can trust any one person with that task. Some thought would have to be given to that system.

Jonah

On Nov 20, 2016 4:37 AM, "yanosz" <opennic AT yanosz.net> wrote:

Hello folks,

short one: Are there any ways to get TLS / SSL certificates for
non-ICANN TLDs, suche as OpenNIC ones?
Is there any CA issuing these certificates?

Thanks,
yanosz
--
For those of you without hope, we have rooms with color TV,
cable and air conditioning



--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org