CAcert System Admins discussion list

[IanG <iang AT cacert.org>]

guillaume romagny wrote:
> Hi Ian,
>
> it is just 450 temporary., it is expected to work 246 seconds later as 
> mentioned.
>
> It is working now ?


Yes, it is working now.  However that is not the question. 
The comment below was entirely explanatory as to what would 
happen.

What I want to know is *why* and *what* and *where*???

The reason is this:  The certificates that are issued by 
CAcert are *critically* dependent on email.  If I can fiddle 
the mail, I can add any domain or email, and get a cert for it!

So, anything that happens to email is a concern.  (To 
underscore this, note that DRC says that the email testing 
by CAcert is inadequate to audit, so the current situation 
must change.)

So, whatever is happening to email, we need some doco, some 
policy, some understanding.  (And we need to fix the audit 
bugs.)

That's what I'm asking:  what is going on, how much can we 
rely on email, who is poking around and greylisting and 
blacklisting and goldlisting and whatever... , and what does 
this do to the security model surrounding certificates?

iang


> Kind regards,
>
> Guillaume
>
> IanG a écrit :
> > Huh?  CAcert cannot send email to ... CAcert email addresses?  Is this 
> > the "Tunix firewalling????"
> >
> >
> > =============
> > The mail server responsible for your domain indicated a temporary 
> > failure. This may be due to anti-SPAM measures, such as greylisting. 
> > Please try again in a few minutes.
> >
> > 450 iang AT cacert.org: recipient address temporarily rejected: 
> > greylisted for 246 seconds
> > =============
> >
> > (I'm trying to add the domain to my account ... something that *could* 
> > be done automatically, as the authority for using that account is 
> > already within CAcert.)
> >
> > iang
> > _______________________________________________
> > CAcert-sysadm mailing list
> > CAcert-sysadm AT lists.cacert.org
> > https://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-sysadm