ACME email project
-
Let's Encrypt and Security Research Group (SRG) have defined the ACME protocol for emails. Email certificates, would be ready to sign with S/MIME
Seems like an interesting project. Anyone have any further knowledge of this Client/Server project?
First I've heard of it by accident as I researching a new gnuRadio for Windows release.{EDIT] This page seems to resolve only to Cloudfare. No other info is provided so until I do maore research on it I'd take it with a grain of salt. All useful information has been "REDACTED FOR PRIVACY"
[EDIT2] After further research, I have found nothing on the owner / author of this site.
I will therefore stick to my regular methods of getting software from gitHub or other verifiable sources.
The line: Registered to: CTTC
seems to be the ISP(?) or more likely the hosing service in Barcelona.
Traceroute sends me from here to the E.U. (unspecified location), then to Cloudfare. -
@greybeard Hiding domain owner contact details in the publicly available DNS is pretty much standard practice, even Vivaldi does it. Usually the only contact details are the abuse contact for the domain registrar. No-one wants their email overrun with spam. It's not a reason to suspect the site is involved in shady business.
When a site uses Cloudflare there's no way of knowing where the server is located, and it's mostly irrelevant anyway - some big data center somewhere in the so-called "cloud". For me the IP
172.67.187.5
shows "US, California" but that's likely because Cloudflare is registered as a company there. The number of hops definitely looks like it's in Europe for me - but again that's irrelevant when Cloudflare is used.I don't know why you link to this specific Spanish company and the server product they're selling - which may or may not be a good product. But it's probably perfectly valid and seems very much focused on selling to businesses.
https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment
https://letsencrypt.org/docs/client-options/ -
@pathduck Agreed on all counts.
But there is usually an abuse_at_example.com or contact_at_example.com.
I have personally sent a few complaints to "abuse" emails over the years. I have yet to receive a reply from even one, leaving me to believe all incoming is set to auto-delete then a script is run to empty the deleted emails.
You are correct in saying there is no evidence to suggest "shady business" except the way the page was presented.I have previously been bitten. Perhaps I am overly cautious.
-
-