On 17.05.2025 at 15:55:48, Andrew C Aitchison via mailop writes:
> >Of course if I would implement cert auth, I would prefer to issue
> >certificates to my users by my own CA; but if the public-issued cert
> >would contain a *validated* email address as the subject, what
> >speaks against using it for authentication as this (and only this)
> >email user?
> 
> How would the public CA know which user on your domain actually sent
> the request? Validation proves the domain but trusts that the domain
> is honest about the localpart.

I was specifically describing the *hypothetical* scenario where you submit a
cert request to a CA specifying an email address, and you get a confirmation
link to that email address, which you must click to validate the email.

That certificate would identify an *email address*, not a *domain*.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop