TLS key for api.ftp-master.debian.org

To: debian-admin@lists.debian.org
Cc: debian-dak@lists.debian.org
Subject: TLS key for api.ftp-master.debian.org
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Fri, 7 Nov 2014 16:53:44 +0000
Message-id: <[🔎] 21596.63768.751865.223236@chiark.greenend.org.uk>

Thanks for helping with this.  When I spoke to ftpmaster et al about
this before, we had a conversation about TLS public keys and
certificates.

I would like the DAK API TLS security to be rooted in a
Debian-controlled public key distributed in a package in Debian,
rather than using a public CA.

What I suggested is here:
  https://lists.debian.org/debian-dak/2013/11/msg00000.html
(in `Part II').

I provided rationale for this approach, rather than using a
conventional https public CA, here:
  https://lists.debian.org/debian-dak/2013/11/msg00002.html
  https://lists.debian.org/debian-dak/2013/11/msg00007.html
(Noodles pointed out a little laterthat I should have meant
the debian-archive-keyring package, not the debian-keyring one.

Mark Hymers agreed with me here:
  https://lists.debian.org/debian-dak/2013/11/msg00011.html

I provided some scripts for key and cert generation, here:
  https://lists.debian.org/debian-dak/2013/11/msg00010.html

Thanks,
Ian.

Reply to:

Follow-Ups:
- Re: TLS key for api.ftp-master.debian.org
  - From: Paul Tagliamonte <paultag@debian.org>
- Re: TLS key for api.ftp-master.debian.org
  - From: Mark Hymers <mhy@debian.org>

Prev by Date: Canonicalising suites
Next by Date: Re: TLS key for api.ftp-master.debian.org
Previous by thread: Re: Canonicalising suites
Next by thread: Re: TLS key for api.ftp-master.debian.org
Index(es):
- Date
- Thread