[Operators] IM Observatory: Not recognising DigiCert root certificate

[Peter Saint-Andre]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/31/13 6:09 AM, Robert Norris wrote:
> On Thu, Oct 31, 2013, at 08:37 PM, Thijs Alkemade wrote:
>> Hm, I see what’s going wrong.
> 
> Great. I still spent a good part of the afternoon going over our 
> certificate chains for all our services just to be sure :)
> 
>> The error didn't influence the trust, by the way. You still get
>> an F because your certificate is not valid for fastmail.fm.
> 
> Yeah, I suspected that might be what it was reporting, but wasn't
> sure. Oh well, not much I can do about that.

If I understand your scenario correctly, I think this is where POSH
would help:

http://datatracker.ietf.org/doc/draft-miller-posh/

That is, you could host a special JSON file at https://fastmail.fm/
(see the spec for details) and it would either provide or point to the
certificate that a client or peer server should expect you to present
at your server.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJScngHAAoJEOoGpJErxa2pFIoP+wT8/QcJhShCaE+cbcm9nea4
fvlHNSIp1wdtW3rEAOmQFZBv7q3lqxiloHkT/83s271BGDeJYzApggEgs9kJc148
t66Qc0GQUD5S0p1CDAbJTU/Jr/TqlttxO+758OPHRC1DJQAa0cD9lrHfRqx0eUF3
8RqhZaCLvwndIb2qCCuUz4mCbJdl//A+nFWxJIXQijDxukRdoADUTol991wXGyUM
G82I0wlcAcmAjZcOmPY18pg3Q3TIU8z8RniysXe4gWBByOfOztpKJ2xX3o8/07O4
xrkhqABOPj6ZVnNn4+0yFFriTCIKt/dujXyUwoMtovN9Scfbss1g82+O3aqA1SKP
vJpc0efmUHtAkNE4dRH2R3CIpD/c0D9vuq39zloyYVEUSZ5+wmN8Yk2PNbqLX5AD
eywYUtAsfJtBoeGKK39nzqsyArsy9kRB8AL5I+y0y1XhERKLsDMrSEGvVq+Ho05l
+naeNCsQWAmaV92IApTlJ/Zn3OaqwvRZrCEgX4qZJ4hMsXp1PniI2lK+yZ6ppULy
HFTmXVq5f18rtNoTgvJe1rs2ZjGJrUTRPpHjkKDfPak8ZTebzrXWDqROeQX5bzS5
Eefq5uZ5FyrMBRJVdOAiH3v9EOX+rPp6g5MpAkJMu7037+rqap4F8wne3DBszAip
W14cShh6XUaXSUaEsQ/E
=2Lyw
-----END PGP SIGNATURE-----