-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/31/13 6:09 AM, Robert Norris wrote: > On Thu, Oct 31, 2013, at 08:37 PM, Thijs Alkemade wrote: >> Hm, I see what’s going wrong. > > Great. I still spent a good part of the afternoon going over our > certificate chains for all our services just to be sure :) > >> The error didn't influence the trust, by the way. You still get >> an F because your certificate is not valid for fastmail.fm. > > Yeah, I suspected that might be what it was reporting, but wasn't > sure. Oh well, not much I can do about that.
If I understand your scenario correctly, I think this is where POSH would help: http://datatracker.ietf.org/doc/draft-miller-posh/ That is, you could host a special JSON file at https://fastmail.fm/ (see the spec for details) and it would either provide or point to the certificate that a client or peer server should expect you to present at your server. Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJScngHAAoJEOoGpJErxa2pFIoP+wT8/QcJhShCaE+cbcm9nea4 fvlHNSIp1wdtW3rEAOmQFZBv7q3lqxiloHkT/83s271BGDeJYzApggEgs9kJc148 t66Qc0GQUD5S0p1CDAbJTU/Jr/TqlttxO+758OPHRC1DJQAa0cD9lrHfRqx0eUF3 8RqhZaCLvwndIb2qCCuUz4mCbJdl//A+nFWxJIXQijDxukRdoADUTol991wXGyUM G82I0wlcAcmAjZcOmPY18pg3Q3TIU8z8RniysXe4gWBByOfOztpKJ2xX3o8/07O4 xrkhqABOPj6ZVnNn4+0yFFriTCIKt/dujXyUwoMtovN9Scfbss1g82+O3aqA1SKP vJpc0efmUHtAkNE4dRH2R3CIpD/c0D9vuq39zloyYVEUSZ5+wmN8Yk2PNbqLX5AD eywYUtAsfJtBoeGKK39nzqsyArsy9kRB8AL5I+y0y1XhERKLsDMrSEGvVq+Ho05l +naeNCsQWAmaV92IApTlJ/Zn3OaqwvRZrCEgX4qZJ4hMsXp1PniI2lK+yZ6ppULy HFTmXVq5f18rtNoTgvJe1rs2ZjGJrUTRPpHjkKDfPak8ZTebzrXWDqROeQX5bzS5 Eefq5uZ5FyrMBRJVdOAiH3v9EOX+rPp6g5MpAkJMu7037+rqap4F8wne3DBszAip W14cShh6XUaXSUaEsQ/E =2Lyw -----END PGP SIGNATURE-----
