Discuss mailing list

["Walter H." <Walter.H AT mathemainzel.info>]

On 28.05.2020 23:09, Erich Eckner wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On Thu, 28 May 2020, Walter H. wrote:
>
> > On 28.05.2020 17:49, Erich Eckner wrote:
> > > On Wed, 27 May 2020, Walter H. wrote:
> > >
> > > > There is a simple solution for this problem ...
> > > >
> > > > as soon as it possible to receive E-mails from everyone even on a 
> > > > OpenNIC domain,
> > > > e.g.    hugo AT hello.reg.libre SSL/TLS is not the problem ...
> > >
> > > Sending and receiving emails from/to opennic tlds is possible and 
> > > always was
> >
> > then try sending me an E-mail using an E-mail-Adress of an OpenNIC 
> > domain?
>
> If you tell me your email address, I'll send to your opennic address. 
> My mail server can resolve opennic tlds, too - and I have no doubt, 
> that it will deliver to these domeins, too.

I meant it a little bit different:

have you got an OpenNIC mail address?

if so, try sending a Testmail from there to echo AT ipv6help.de

and tell me, what you got back;


> > OpenNIC is a parallel universe to the global DNS operated by 
> > IETF/IANA/...;
>
> Yes, I'm aware of this. That's why I asked, how you intend to 
> distribute certificates via email. As stated above, if properly 
> configured, mail servers can trivially send to opennic domains.

as long as there is a difference in what someone configures in

e.g. /etc/resolv.conf

this won't work;

in view of a server the fastest resolvers are always the ones operated 
by the hoster itself;

> > how would you S/MIME sign an email using any OpenNIC domain as sender 
> > and not assuming that the recipient has installed anything 3rd party?
>
> Ah, you are talking about getting certificates to be *used* on opennic 
> domains for email? Then I misunderstood your first email, sry.
no problem, but this should be the first step ..., before talking about 
SSL certificates on domains from a 'parallel universe' ...
> > you e.g. use PGP, which is just like self-signed;
> >
> > when you achieve to get an S/MIME x509 certificate signed by a CA 
> > already in the certstores for an OpenNIC email address, you are done;
>
> yes, for S/MIME certificates, this might work - if the official CA 
> resolves opennic, too.
exact your 'if' is the point: even you yourself don't use an official CA 
signed certificate for you E-mail

opennic AT eckner.net

although it would be possible without any problem;

everyone is an individual, so I think you have a reason not using an 
official CA signed s/mime certificate; why sould then such indivdual 
like you want use an official CA signed SSL certificate for a parallel 
universe domain?

I think it would be good to achieve it first on s/mime signing E-mails 
by official CA signed certificates;

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature