discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Jonah Aragon <jonah AT triplebit.net>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] Current SSL situation
- Date: Sat, 16 Dec 2017 22:29:08 -0600
After giving it some thought, I’m not necessarily sure we should have (an) “official” CA(s) at all. It may be a better idea to just have a list on the Wiki or elsewhere of CAs operated by community members. Users can judge based on how many sites utilize it, the verification processes for issuance, if it’s public—accepting issuance applications—or private, and how trustworthy the operators are, in a similar fashion to how users currently choose DNS servers.
An official centralized OpenNIC CA may not be what the spirit of this organization is about. A more decentralized solution could possibly work better in this aspect.
It’s late, and maybe that’s a bad idea. Just a thought.
Re: Theo: if these other entities were to operate an official CA, as proposed, then OpenNIC would be associated with said entities, by definition.
Jonah
Yes, but it also makes it seem like OpenNIC is associated with another company/entity, which we aren't.On Sat, Dec 16, 2017 at 4:37 PM, Matthias Merkel <matthias AT boltn-hosting.com> wrote:I do think we should have the names on it. The reason for this is that that way anyone knows who's responsible for it and who can be legally charged for any misbehaviours on the issuer side.
On Sat, Dec 16, 2017, 10:33 PM Theo B <me AT theos.space> wrote:If we do make a CA, I'd heavily prefer that we don't have names of other organizations on it (ex: BoltN, ModernTLD). It also needs to be something that the majority of active users on the ML approve of, and not just 8-12 people.-TheoOn Fri, Dec 15, 2017 at 2:34 PM, Matthias Merkel <matthias AT boltn-hosting.com> wrote:There's two CAs which would be interested in getting some like official status or something like that: Us (BoltN OpenNIC CA R1 and R2 for DV, OV and EV (EV on a browser we plan to release soon which will make using OpenNIC easier)) and ModernTLD (ModernTLD CA X2 (DV and OV as well as EV (with EV cross-signed by BoltN OpenNIC CA R1)).So CAs are there. They might not be ready yet but will come.For the browser however I need guidelines on which requirements CAs have to fullfil to become trusted for it.Matthias MerkelCTOBoltN Hosting LimitedCompany registration number 11081979On Fri, Dec 15, 2017 at 8:30 PM, Christopher <weblionx AT gmail.com> wrote:There is no known CA that supports OpenNIC. We have discussed it quite
a bit over the last couple of years but due to the complexity of
creating an entire CA no one has gone through with doing so. There is
interest in one by some members, at least.
> --------
On Fri, Dec 15, 2017 at 7:34 AM, Matthias Merkel
<matthias AT boltn-hosting.com> wrote:
> Is there currently any CA (even if not default trusted) for OpenNIC domains?
>
> If yes I'd like to integrate installation of their root certificate into the
> DNS updater we will release soon.
>
> If not I'd like to offer that we could provide such a CA service (free for
> DV certificates of course). We already operate an internal CA with highest
> security measures (if we had the money for them we could pass any CA audit
> including EV).
> --
>
> Matthias Merkel
> CTO
> BoltN Hosting Limited
> https://boltn-hosting.com
> Company registration number 11081979
>
>
>
>
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
>
--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
--Matthias Merkel
CTO
BoltN Hosting Limited
https://boltn-hosting.com
Company registration number 11081979
--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
- [opennic-discuss] Current SSL situation, Matthias Merkel, 12/15/2017
- Re: [opennic-discuss] Current SSL situation, Christopher, 12/15/2017
- Re: [opennic-discuss] Current SSL situation, Matthias Merkel, 12/15/2017
- Re: [opennic-discuss] Current SSL situation, Theo B, 12/16/2017
- Re: [opennic-discuss] Current SSL situation, Matthias Merkel, 12/16/2017
- Re: [opennic-discuss] Current SSL situation, Theo B, 12/17/2017
- Re: [opennic-discuss] Current SSL situation, Jonah Aragon, 12/17/2017
- Re: [opennic-discuss] Current SSL situation, Theo B, 12/17/2017
- Re: [opennic-discuss] Current SSL situation, Matthias Merkel, 12/16/2017
- Re: [opennic-discuss] Current SSL situation, Theo B, 12/16/2017
- Re: [opennic-discuss] Current SSL situation, Matthias Merkel, 12/15/2017
- Re: [opennic-discuss] Current SSL situation, Christopher, 12/15/2017
Archive powered by MHonArc 2.6.19.