Hi Michael,

On 23/04/2019 09:12, Michael Bauland wrote:
>
> Certificates on the other hand are not a secure factor as almost anybody
> can obtain a valid certificate.

A valid certificate provides a weak form of non-repudiation, so if an
attacker obtains (for example) a cert for example.com and uses it to do
bad stuff, then you can be reasonably certain that they have some
association with the owner or operator of that domain. One could imagine
that a server could require use of an EV cert to obtain a higher level
of assurance.

Server implementations can (and should) also tightly associate a cert
with a specific client identity, so a client that connects using a
certificate can only log in to a registrar account to which the
certificate has been associated. That's how CentralNic's implementation
works.

G.

--
Gavin Brown
Chief Innovation Officer
CentralNic Group plc (LSE:CNIC)
https://www.centralnicgroup.com/
+44.7548243029

CentralNic Group plc is a company registered in England and Wales with
company number 8576358. Registered Offices: 35-39 Moorgate, London,
EC2R 6AR.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
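The certificate-to-account association described in the message above can be sketched as follows. This is an added example, not code from the thread and not CentralNic's implementation. The binding table, the account names, the function names and the byte strings standing in for DER certificates are all constructed, and the TLS layer is assumed to have validated the certificate chain already.

```python
import hashlib
import hmac

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER encoding of the client's leaf certificate."""
    return hashlib.sha256(cert_der).hexdigest()

# Constructed stand-ins for DER certificates; a real server would take the
# bytes from the TLS layer, e.g. ssl.SSLSocket.getpeercert(binary_form=True).
CERT_REG_A = b"constructed-der-bytes-registrar-a"
CERT_REG_A_NEXT = b"constructed-der-bytes-registrar-a-rollover"
CERT_REG_B = b"constructed-der-bytes-registrar-b"

# Hypothetical binding table: registrar account (EPP clID) -> pinned fingerprints.
# Two entries for one account allow certificate rollover without downtime.
BINDINGS = {
    "registrar-a": {fingerprint(CERT_REG_A), fingerprint(CERT_REG_A_NEXT)},
    "registrar-b": {fingerprint(CERT_REG_B)},
}

def cert_bound_to_account(cert_der, cl_id, bindings=BINDINGS):
    """Return True only if the presented certificate is pinned to cl_id.

    Assumes chain validation already happened in the TLS handshake; this
    check runs in addition to it, before the login password is considered.
    """
    if not cert_der:                      # no client certificate presented
        return False
    presented = fingerprint(cert_der)
    pinned = bindings.get(cl_id, set())   # unknown account -> empty set
    ok = False
    for fp in pinned:                     # no early exit on a match
        ok |= hmac.compare_digest(presented, fp)
    return ok

def login_decision(cert_der, cl_id, password_ok, bindings=BINDINGS):
    """Both factors must pass; the reason string is for the server's audit log."""
    if not cert_bound_to_account(cert_der, cl_id, bindings):
        return (False, "certificate not associated with account")
    if not password_ok:
        return (False, "password rejected")
    return (True, "ok")
```

With this check in place, a certificate that is perfectly valid but pinned to a different registrar fails the login even when the password is correct.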
