💾 Archived View for bbs.geminispace.org › u › ERnsTL › 1692 captured on 2024-05-10 at 13:53:27. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-03-21)
-=-=-=-=-=-=-
Re: "Verification of Sender Certificate"
Thanks @jeang3nie for your clarifications and that there still is work to be done on cert verification (empty message loop etc.)
2023-06-08 · 11 months ago
Verification of Sender Certificate — Greetings, maybe I oversaw this in the spec, but if a client connects with a TOFU / self-signed certificate for chuck@norris.com is there any verification done to ensure that the client is not spoofing the sender address? I could think of something like a back-connection to a kind of "misfin MX" record (well SRV record would be perfect for that) and checking if the presented client certificate is signed by the norris.com server certificate.