Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] broken https on reg.libre

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] broken https on reg.libre


Chronological Thread  
  • From: Erich Eckner <opennic AT eckner.net>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] broken https on reg.libre
  • Date: Thu, 28 May 2020 23:09:56 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, 28 May 2020, Walter H. wrote:

On 28.05.2020 17:49, Erich Eckner wrote:

On Wed, 27 May 2020, Walter H. wrote:

There is a simple solution for this problem ...

as soon as it possible to receive E-mails from everyone even on a OpenNIC domain,
e.g.    hugo AT hello.reg.libre SSL/TLS is not the problem ...

Sending and receiving emails from/to opennic tlds is possible and always was

then try sending me an E-mail using an E-mail-Adress of an OpenNIC domain?

If you tell me your email address, I'll send to your opennic address. My mail server can resolve opennic tlds, too - and I have no doubt, that it will deliver to these domeins, too.


OpenNIC is a parallel universe to the global DNS operated by IETF/IANA/...;

Yes, I'm aware of this. That's why I asked, how you intend to distribute certificates via email. As stated above, if properly configured, mail servers can trivially send to opennic domains.


- but I doubt the usability of that, because big email providers like gmail will most certainly not evaluate the email domain as valid.
nearly no mail server accepts an OpenNIC email domain as valid ...

How would you distribute certificates via email?

how would you S/MIME sign an email using any OpenNIC domain as sender and not assuming that the recipient has installed anything 3rd party?

Ah, you are talking about getting certificates to be *used* on opennic domains for email? Then I misunderstood your first email, sry.


you e.g. use PGP, which is just like self-signed;

when you achieve to get an S/MIME x509 certificate signed by a CA already in the certstores for an OpenNIC email address, you are done;

yes, for S/MIME certificates, this might work - iff the official CA resolves opennic, too.

regards,
Erich

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl7QKKYACgkQCu7JB1Xa
e1qWdhAArGKe1gCvSYdMyWZAI7TAV0qnr+nLMPmVd1xU19ecr28OX9V9MSWsAu2/
vzlGUFTWzuWFm9hz00odjL60si/0SCMX5m3TCxTDP/Tisy8/R4b7sX4LjitmvxW4
uDiCgzPnbQ35sChyJExtml0FbXAfwBfZCl8YZgrK2r9ATqp4WJIxHODGZE7EnMoy
m01kMeH5DutCEeRCsoppeTF56hw2WFlYR6eAhpbWSv/h52ALto9aP5kpTiH9YFth
BNamW5kYRikx2Q5NIoIA87tDA1Cm1GuY50oiEuudQ8HPkUd70KsMVgvPnVV/pG9X
5c4hNLASPLNNjQcsFZ6gWGgu1mt9121Ma6wET8R82J4xpUt9XzYJh7lwuePBlygG
W7KJag8bC3Xb8lzKbuVgtDGA906WhATLRlKTJgszo8wRyR8G93mzZPIkN9G1fGab
Pv2w5wxeWjXbs1DNWBoywAz6kVq6BkeDc8fP62MIv585AfS3qCqYwDXzFUxzNphR
f4EfSKCbL8Vce9CCoE4B/41v/ZuvW5K/Bx3ame6Ctbpc1h211ZOpWmP98rfNeAzx
2uGnFWSzACTV/3jBHYDLA+eYYY2wi9Rn5gfgm3y41y3mFy6/gZPWK9m4/bSDEOxE
4k+3/cIP5nhVcdGv2cLgBZZNhnh3w7+GTOMWwxe+/21O/mRKhF4=
=5J4s
-----END PGP SIGNATURE-----


Archive powered by MHonArc 2.6.19.

Top of Page