A letsencrypt cert doesn't validate anyone's identity other than confirm the controller of a domain's nameserver has control over the web server.
An EV certificate is how companies like Google and PayPal can get that green checkmark or background in your browser's URL box indicating that the certificate issuer has confirmed the identity with government ID, articles of incorporation, a letter from a lawyer and a notary public of the person or company the certificate was issued to.
A letsencrypt cert doesn't validate anyone's identity other than confirm the controller of a domain's nameserver has control over the web server.
Yes, this is what I am talking about. No more, no less.
There are websites of "important people" out there who we already assume to be "real" or "verified".
Putting a public key on these sites and having a signed message on here is all I am talking about.
Essentially, you would just take your reputation from these websites instantly with you to SN.
Thanks for the explanation about EV certificates. Didn't know they exist!
reply
There is something called DANE SMIMEA which is similar to your proposal and something @k00b could use to verify "orange checks" that ties a domain to an email address and public key if he thinks it's worthwhile.
reply
The DANE SMIMEA standard was adopted as RFC 8162 in 2017.
reply
I haven't found a simple way of generating a DNS record. gpg --export-options export-dane email@address.tld is one way, but I can't get nsupdate to accept that format.
reply
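An added example, not part of any post in this thread: building an SMIMEA record as RFC 8162 lays it out (hashed local-part owner name, then usage, selector, matching type and association data) and printing it both with the SMIMEA mnemonic and in the RFC 3597 generic form meant for tools that do not know the mnemonic. The function names, the TTL, the address and the certificate bytes are assumptions constructed for illustration; real input would be the DER-encoded S/MIME certificate.

```python
import hashlib

SMIMEA_TYPE = 53  # IANA RR type code for SMIMEA
# Constructed placeholder bytes, NOT a real certificate (assumption for the demo).
SAMPLE_CERT_DER = b"constructed placeholder, not a real DER certificate"

def smimea_owner(email: str) -> str:
    """Owner name: hex(SHA-256(local-part)[:28])._smimecert.<domain>."""
    local, _, domain = email.rpartition("@")
    if not local or not domain:
        raise ValueError("expected local-part@domain")
    # The local-part is hashed as UTF-8 and is not case folded.
    label = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return f"{label}._smimecert.{domain.rstrip('.')}."

def smimea_rdata(cert_der: bytes, usage: int = 3, mtype: int = 1) -> bytes:
    """RDATA for selector 0 (full certificate). usage 3 = DANE-EE."""
    if usage not in (0, 1, 2, 3):
        raise ValueError("certificate usage must be 0..3")
    if mtype == 0:
        data = cert_der                          # exact match on full content
    elif mtype == 1:
        data = hashlib.sha256(cert_der).digest()
    elif mtype == 2:
        data = hashlib.sha512(cert_der).digest()
    else:
        raise ValueError("matching type must be 0, 1 or 2")
    return bytes([usage, 0, mtype]) + data

def mnemonic_record(email: str, cert_der: bytes, ttl: int = 3600) -> str:
    """Presentation format for software that knows the SMIMEA type."""
    rd = smimea_rdata(cert_der)
    return f"{smimea_owner(email)} {ttl} IN SMIMEA {rd[0]} {rd[1]} {rd[2]} {rd[3:].hex()}"

def generic_record(email: str, cert_der: bytes, ttl: int = 3600) -> str:
    """RFC 3597 unknown-type form: TYPE<code> \\# <rdata length> <rdata hex>."""
    rd = smimea_rdata(cert_der)
    return f"{smimea_owner(email)} {ttl} IN TYPE{SMIMEA_TYPE} \\# {len(rd)} {rd.hex()}"

def nsupdate_script(email: str, cert_der: bytes) -> str:
    """Commands to feed to nsupdate on stdin (server and key options omitted)."""
    return f"update add {generic_record(email, cert_der)}\nsend\n"

if __name__ == "__main__":
    print(mnemonic_record("alice@example.com", SAMPLE_CERT_DER))
    print(nsupdate_script("alice@example.com", SAMPLE_CERT_DER), end="")
```

A verifier recomputes the same owner name from the address, fetches the record over DNSSEC-validated DNS, and compares the association data with the certificate presented in the signed message.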