martin f krafft wrote:
In fact, there are three options right now:
a/ collect and deploy the fingerprints, as you say
b/ use a self-signed certificate with life-time 99 years just for this purpose
c/ use public key fingerprints instead of the cert fingerprints
I think (a) is really just ungood. I just implemented (c), which was trivial and solves the problem. Thanks also to Daniel Kahn Gillmor for the vital hint that made me realise Postfix 2.9 supports this.
Long-term, I think I might want to look into (b) though. I like the idea of having a single certificate ("identity") of a host, that then gets used in its various facets, but that's actually probably not good security advice anyway.
Frankly I don't get why you prefer (b) over (a). If you enroll the LE certs in a central location then you already have the fingerprint and you don't have to collect them over an untrusted channel like for self-signed certs generated during OS installation (b). Well, you probably trust your SSH connection but right after OS deployment you have a hen-and-egg trust problem with the SSH host key too.
Ciao, Michael.
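
Added example, not part of either message: a shell sketch of why option (c) survives certificate renewal, using one key pair and two certificates issued from it. The host name, file names, serial numbers and the choice of SHA-256 with plain hex output are assumptions made for the demonstration; the digest has to match whatever the verifying server is configured to use.

```shell
#!/bin/sh
# Constructed demo: certificate fingerprint vs. public key fingerprint
# across a "renewal" that keeps the same private key.
set -eu

# SHA-256 over the complete DER-encoded certificate (changes on every reissue).
cert_fp() {
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 over the DER SubjectPublicKeyInfo only (stable while the key is reused).
pubkey_fp() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Create one key and two self-signed certificates from it in directory $1.
# mail.example.org and the serial numbers are constructed sample values.
make_demo() {
    demo_dir=$1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$demo_dir/host.key" 2>/dev/null
    for n in 1 2; do
        openssl req -new -x509 -key "$demo_dir/host.key" -set_serial "$n" \
            -subj "/CN=mail.example.org" -days 90 \
            -out "$demo_dir/cert$n.pem" 2>/dev/null
    done
}

# Print both fingerprints for each certificate so the difference is visible.
report() {
    for c in "$1/cert1.pem" "$1/cert2.pem"; do
        printf '%s\n  cert   %s\n  pubkey %s\n' "$c" "$(cert_fp "$c")" "$(pubkey_fp "$c")"
    done
}

work=$(mktemp -d)
make_demo "$work"
report "$work"
rm -rf "$work"
```

The two `cert` lines differ while the two `pubkey` lines are identical, so a pinned public key fingerprint only has to be redeployed when the key itself is rotated.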