Re: [certid] What DNS-ID if also using a DNS-SRV?
Scott Lawrence <xmlscott@gmail.com> Thu, 01 July 2010 01:01 UTC
On 2010-06-30 14:43, Peter Saint-Andre wrote:
> Correct. Here's the rub:
>
> mail.hostingprovider would have to be configured with that
> certificate (with the co-operation of example.com).
>
> In most cases, the admins of example.com don't want to trust
> hostingprovider.com with their private keys, and the admins of
> hostingprovider.com don't want the legal liability of holding private
> keys for example.com either.

But mail.hostingprovider never needs the private keys for example.com - all they need is a cert signed by example.com. The TLS client can tell hostingprovider which cert to present, so they can have different ones for each client (of course, mine doesn't do that, but they could).
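The arrangement described in the reply above, as an added example that is not part of the original message or the list's documents: a provider holding a single key of its own, one certificate per hosted domain signed by that domain, selection by the name the client sends, and verification on the client side. The names `example.org` and `ca.<domain>`, the Ed25519 keys, and the premise that clients already trust each customer's signing certificate are assumptions made for the example; the map lookup stands in for a `tls.Config.GetCertificate` callback.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// sign issues a certificate over pub, signed with key; a nil parent yields a self-signed CA.
func sign(cn string, pub ed25519.PublicKey, parent *x509.Certificate, key ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, parent = true, true, x509.KeyUsageCertSign, t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, key)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c
}

// Demo: each customer domain signs the provider's public key; the provider picks a
// certificate by the SNI name; the client verifies it against the customer's signing cert.
func Demo(sni string) (issuer string, providerKey bool, err error) {
	provPub, provKey, _ := ed25519.GenerateKey(rand.Reader) // the only private key the provider holds
	certs, roots := map[string]*tls.Certificate{}, x509.NewCertPool()
	for _, d := range []string{"example.com", "example.org"} { // constructed customer domains
		caPub, caKey, _ := ed25519.GenerateKey(rand.Reader) // never leaves the customer
		ca := sign("ca."+d, caPub, nil, caKey)
		leaf := sign(d, provPub, ca, caKey)
		certs[d] = &tls.Certificate{Certificate: [][]byte{leaf.Raw}, PrivateKey: provKey, Leaf: leaf}
		roots.AddCert(ca) // assumption: clients already trust each customer's signing certificate
	}
	// The lookup a tls.Config.GetCertificate callback would do on ClientHelloInfo.ServerName.
	c, ok := certs[sni]
	if !ok {
		return "", false, fmt.Errorf("no certificate for %q", sni)
	}
	_, err = c.Leaf.Verify(x509.VerifyOptions{DNSName: sni, Roots: roots})
	return c.Leaf.Issuer.CommonName, provPub.Equal(c.Leaf.PublicKey), err
}

func main() { fmt.Println(Demo("example.com")) }
```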