NTS: removed "not implemented" on server ca

Hal Murray hmurray at megapathdsl.net
Wed Apr 3 11:51:09 UTC 2019

> No.  LE has FIVE root certs.  Maybe you can call it a split root.  And you
> have no way of knowing which one they use for any particular cert.

> And note the specifically say: "Our roots are kept safely offline." 
> So you can't even get the root to check it!

"root" is ambiguous without context.  The password for the real root is kept 
safely hidden.  Most of the time when we say "root cert" we are talking about 
an intermediate cert that is contained in the collection of trusted certs 
distributed by distros.

The current per-server "ca" supports self-signed certificates without 
installing a not-really trusted cert as trusted.

These are my opinions.  I hate spam.

More information about the devel mailing list