On Mon, Mar 23, 2026 at 03:18:40PM -0400, Jeffrey Walton wrote:
> On Mon, Mar 23, 2026 at 3:01 PM Alan DeKok
> <[email protected]@dmarc.ietf.org> wrote:
> > Where can I get a certificate for mail.example.com
> > <http://mail.example.com/> that is (a) trusted by end-user systems, and
> > (b) is limited to id-kp-This-Is-A-Mail-Server?
> >
> > What happens now is one of 3 things:
> >
> > 1) use a web cert, and lie to the CA/B forum about what you're using it
> > for. This (allegedly) means that they can revoke it at any point for
> > mis-use
> >
> > 2) use a private CA, and have everyone else on the Internet refuse to talk
> > to you, as your CA is unknown
> >
> > 3) don't use TLS.

The best answer for SMTP is DANE, and if need be run a private CA or
self-sign the EE certs.

> Regarding Item (2), wouldn't Trust on First Use (TOFU) work well?

No. Not at all. First of all: no, because that's not strong enough.
Second of all: how do you rotate keys? (you couldn't unless it's not TOFU
but trust-always-no-matter-what, which is not what you want because see
the first point :)

> [...]
>
> And who needs a CA anyways? All we need is a hostname and a public key.
> We don't need a CA to bind them. The hostname and public key information
> is presented in an end-entity certificate, so that's all we need. The
> self-signed certificate can be hosted in DNS and retrieved as required
> since that seems to be the modern equivalent to the X.500 directory. The
> world does not need to be adverse to self-signed certificates just because
> the CA/BF does not care for them.

Yes, but only if you're using DNSSEC. Then DNSSEC becomes _the PKI_ -- the
one and only PKI, though, well, you can have alternate roots of course, so
it's not that singular a PKI, but for every RP it _is_ singular indeed.

I think that's the argument you're hinting at, and if so I'm in violent
agreement.

But you'll notice that DANE has not made much headway outside of SMTP
(where it's made plenty, largely thanks to Viktor's efforts).

Nico
-- 

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
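The DANE arrangement the thread converges on (a self-signed end-entity certificate whose key is pinned in DNSSEC-signed DNS, with key rotation handled by publishing overlapping records) is shown below as an added example; it is not code from the thread or from any DANE implementation. It assumes a DANE-EE TLSA record (usage 3, selector 1 = SubjectPublicKeyInfo, matching type 1 = SHA-256) at the usual SMTP owner name `_25._tcp.mail.example.com.`, wraps a constructed 32-byte key value in the Ed25519 SubjectPublicKeyInfo DER prefix from RFC 8410, and uses only the Python standard library. The `dnssec_validated` flag stands in for the resolver's AD bit; the record-matching logic is the point, not a full DNS or TLS client.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample key value: 32 arbitrary bytes standing in for an
# Ed25519 public key. Not a real key pair, chosen only for the example.
SAMPLE_KEY = bytes(range(32))

# DER prefix for an Ed25519 SubjectPublicKeyInfo (RFC 8410):
#   SEQUENCE { SEQUENCE { OID 1.3.101.112 }, BIT STRING (0 unused bits) key }
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def ed25519_spki_der(raw_key: bytes) -> bytes:
    """Wrap a raw 32-byte Ed25519 public key in its SPKI DER encoding."""
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public keys are exactly 32 bytes")
    return ED25519_SPKI_PREFIX + raw_key


@dataclass(frozen=True)
class TLSA:
    usage: int     # 3 = DANE-EE: pin the end-entity key itself, no CA involved
    selector: int  # 1 = SubjectPublicKeyInfo, so re-issuing the cert with the
                   #     same key does not invalidate the record
    mtype: int     # 1 = SHA-256 of the selected data
    data: str      # hex digest as it appears in the zone file


def tlsa_for_spki(spki_der: bytes) -> TLSA:
    """Build the DANE-EE SPKI/SHA-256 record for one public key."""
    return TLSA(3, 1, 1, hashlib.sha256(spki_der).hexdigest())


def rr_text(owner: str, rec: TLSA) -> str:
    """Zone-file presentation of a TLSA record."""
    return f"{owner} IN TLSA {rec.usage} {rec.selector} {rec.mtype} {rec.data}"


def dane_ee_matches(presented_spki_der: bytes, records, dnssec_validated: bool) -> bool:
    """Relying-party check: accept the presented key only if a DNSSEC-validated
    DANE-EE record pins its SPKI digest. Unsigned answers prove nothing, which
    is why the thread says this only works with DNSSEC."""
    if not dnssec_validated:
        return False
    digest = hashlib.sha256(presented_spki_der).hexdigest()
    return any(
        r.usage == 3 and r.selector == 1 and r.mtype == 1 and r.data == digest
        for r in records
    )


def rollover_records(old_spki_der: bytes, new_spki_der: bytes):
    """Key rotation under DANE, unlike TOFU: publish records for both keys,
    wait out the TTL so every cache has both, switch the server to the new
    key, then remove the old record. Either key validates in the meantime."""
    return [tlsa_for_spki(old_spki_der), tlsa_for_spki(new_spki_der)]


if __name__ == "__main__":
    owner = "_25._tcp.mail.example.com."
    current = ed25519_spki_der(SAMPLE_KEY)
    # Constructed replacement key for the rollover demonstration.
    replacement = ed25519_spki_der(bytes(32))
    for rec in rollover_records(current, replacement):
        print(rr_text(owner, rec))
    print("new key accepted during rollover:",
          dane_ee_matches(replacement, rollover_records(current, replacement), True))
    print("accepted without DNSSEC:",
          dane_ee_matches(replacement, rollover_records(current, replacement), False))
```

Selector 1 (SPKI) rather than 0 (full certificate) is what makes a self-signed certificate practical here: the operator can re-sign or extend the certificate freely and only the key digest is bound in DNS.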
