nanog mailing list archives

Re: Trivial change in Public Cert behaviour coming soon


From: John Levine via NANOG <nanog () lists nanog org>
Date: 23 May 2025 22:38:42 -0400

It appears that Grant Taylor via NANOG <nanog () lists nanog org> said:
> Consider a web server that is serving up web pages to random people on
> the Internet completely unaffiliated / unassociated / unknown to the
> server; e.g. to you and your family. To be able to serve pages over
> HTTPS to them, a TLS certificate from a public CA that they trust MUST
> be used.
>
> Now assume, for the sake of discussion, that you have multiple such
> servers and they want to use mTLS to authenticate their identities to
> each other. -- Maybe it's for SMTP, or IKE, or VoIP, or....

As someone else noted, in this utterly implausible scenario (nobody
uses domain certificates to authorize mail submission, and SMTP
doesn't use client certs at all) you would have your private CA sign
the certs for your users.

You do know that you can have multiple signatures on the same cert, don't you?

R's,
John
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/NDCK35UTDZ3R5HCKDO65ZTSURBCCDKH7/
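The split argued for in the message above, a public CA for the web-facing identity and a private CA for mTLS between your own servers, as an added example in Go's standard library (not code from this thread): a constructed private CA issues a clientAuth-only certificate to a constructed peer named mx1.example.test, and the server-side check accepts that peer against the private CA alone while rejecting it against any unrelated trust anchor, so the public web certificate never enters into peer authentication.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue builds a minimal cert for cn signed by parent/parentKey (nil parent: self-signed); non-CA certs carry only the clientAuth EKU.
func issue(cn string, serial int64, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA,
	}
	if !isCA {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// BuildPKI returns the private mTLS CA, a client cert it issued to one of your own servers, and an unrelated CA standing in for any other trust anchor (all constructed here).
func BuildPKI() (privCA, client, otherCA *x509.Certificate) {
	privCA, caKey := issue("Private mTLS CA", 1, true, nil, nil)
	client, _ = issue("mx1.example.test", 2, false, privCA, caKey)
	otherCA, _ = issue("Unrelated CA", 3, true, nil, nil)
	return
}

// ClientAccepted checks client for the TLS client purpose against a single trust anchor, as a server's mTLS verifier would; a nil error means the peer is accepted.
func ClientAccepted(client, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := client.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}
```

The same pool-per-purpose idea carries over to a real listener: the server loads its public-CA chain for its own identity and hands only the private CA to the client-verification side.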