On Aug 1, 2017, at 2:53 PM, Walter H. <walte...@mathemainzel.info> wrote: > is there a problem, to have the organization that has the delegation of > ".home.arpa." also provide such SSL certificates > signed by an intermediate that got signed by any CA?
This is not how PKI works. For a browser to trust a signing authority, the signing authority has to be vetted as trustworthy. Honestly, PKI is a bit of a dumpster fire, but the point is that adding this requirement, even if we could, would not improve the situation. Please understand that the goal of network security, including PKI, is not to make warnings go away: it is to protect users from attacks on the security of their information and devices.
_______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet