Follow

@f4grx @nova@hachyderm.wtf "since the public keys are not in signed certificates" -- so that means you know it is the same person (or someone with access to the key), but have no third party attestation who that person is. (DNS is a kind of attestation, as it means "controller of this DNS record", which is what Let's Encrypt is based on).

So, it depends on what you are trying to authenticate? That they are the same person as last time, that they control the domain "northpole.com", or that they really are Santa Claus?

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.