On 01.08.2017 20:04, Ted Lemon wrote:
On Aug 1, 2017, at 2:02 PM, Walter H. <walte...@mathemainzel.info <mailto:walte...@mathemainzel.info>> wrote:what is the real problem having stricht rules in this Draft/RFC to get an SSL certificate that can be used inside such an environment; so that no own PKI is neccessary?The problem is that it's not up to us to set these rules—it's up to CABF, and they have ruled on this, and (IMO) not capriciously.
is there a problem, to have the organization that has the delegation of ".home.arpa." also provide such SSL certificates
signed by an intermediate that got signed by any CA? and these should be a section in this Draft/RFC ...so that there is neither need of errors/warning neither red nor cowblue or other color; and also no need of having an own PKI
when not wanted to or or not having the knowledge about at all;it would be quite strange to think that anybody that use a browser for electronic banking has the knowledge about SSL ... by the way knowledge about SSL is more common than knowledge about DNSSEC ...
in good old german we would say: "wo ein Wille da ein Weg" or in strange English: "a way is open when its wanted to be open"
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
