On Sun 19/Oct/2025 03:22:00 +0200 Viktor Dukhovni via mailop wrote:
> On Sat, Oct 18, 2025 at 06:14:03PM +0100, Andrew C Aitchison via mailop wrote:
>> How much trust should we put in the not-before date of a self-signed
>> certificate?
>
> None. For reputation based on how long a client domain has been around,
> one would need to maintain a history of client connections, and assign a
> small positive score to clients that have been connecting for months or
> years, and have managed to stay clean. A reputation service may be able
> to curate this sort of data.

Hm... certificates are real, reputation services are not: When I enter my
server's IP into TrendMicro's "reputation service"[*] it says it doesn't exist.
Yet, it has a Letsencrypt certificate. Ditto for mailop's MX.

Best
Ale
--
[*] https://servicecentral.trendmicro.com/en-us/ers/