On Sun 19/Oct/2025 13:44:42 +0200 Slavko via mailop wrote:
> On 19 October 2025 10:57:53 UTC, user Alessandro Vesely via mailop
> <[email protected]> wrote:
>> Hm... certificates are real, reputation services are not: When I enter
>> my server's IP into TrendMicro's "reputation service"[*] it says it
>> doesn't exist. Yet, it has a Letsencrypt certificate. Ditto for
>> mailop's MX.
>
> The only reliable certificate (for me) is my certificate (generated
> or signed by me). Anything else is 3rd party with unknown/uncertain
> value.

While you can self-sign a certificate saying that your name is "example.com",
most CAs at least verify that the domain name is actually controlled by the
requestor. The CA/Browser Forum has established policies on how to perform
such verification. As a result, a certificate recognized by your system, in
addition to securing the key exchange, also guarantees the domain name. This
is not such an uncertain value.
The not-before date of the first certificate could be retained and considered
reliable in a similar manner.
Best
Ale
--
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop