Re: Looking for seconds to add the Amazon EC2 public certificate in ca-certificates.

To: debian-devel@lists.debian.org
Subject: Re: Looking for seconds to add the Amazon EC2 public certificate in ca-certificates.
From: Russ Allbery <rra@debian.org>
Date: Tue, 23 Aug 2011 15:34:36 -0700
Message-id: <[🔎] 87r54bycxv.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] CAHUk4kwCMqyTx7kuuU0S-AH0bM3QwV+usE72KpXHGRC2wnCneA@mail.gmail.com> (Miguel Landaeta's message of "Tue, 23 Aug 2011 17:36:56 -0430")
References: <20100314134657.4022.55699.reportbug@aqwa.igloo> <[🔎] 20110823034716.GA10469@plessy.org> <[🔎] 87r54cok54.fsf@windlord.stanford.edu> <[🔎] 4E53E1FE.7090802@pbandjelly.org> <[🔎] CAHUk4kzcCDW6GBoqkrTeJTcyoKuhyRu5D+5Z=pbpdYB1bt_P7A@mail.gmail.com> <[🔎] 87fwkrzw4y.fsf@windlord.stanford.edu> <[🔎] CAHUk4kwCMqyTx7kuuU0S-AH0bM3QwV+usE72KpXHGRC2wnCneA@mail.gmail.com>

Miguel Landaeta <miguel@miguel.cc> writes:
> On Tue, Aug 23, 2011 at 4:24 PM, Russ Allbery <rra@debian.org> wrote:

>> Hm, then it's not actually a CA, is it?

> I'm afraid it is not a CA or it is not used as a CA by Amazon Web
> Services users. However, it is necessary in order to use effectively
> those web services.

> If is not reasonable to include this certificate in ca-certificates
> maybe it could belong to a cloud computing generic utils package.

Could you explain more about how the certificate is used?  I'm trying to
understand if it gains any benefit from the extra certificate handling
done by ca-certificates, specifically its inclusion in an OpenSSL-hashed
directory, or if it just needs to be in some package somewhere so that it
can be referenced by other software.

It seems strange to include a non-CA certificate in ca-certificates; we
may need a different sort of infrastructure to handle things like this.
(And I think it would be a bit questionable to trust any certificate
signed by that certificate in a web browser, say, which is what would
happen if it were just included in ca-certificates.)

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Looking for seconds to add the Amazon EC2 public certificate in ca-certificates.
  - From: Philipp Kern <trash@philkern.de>

References:
- Looking for seconds to add the Amazon EC2 public certificate in ca-certificates.
  - From: Charles Plessy <plessy@debian.org>
- Re: Looking for seconds to add the Amazon EC2 public certificate in ca-certificates.
  - From: Russ Allbery <rra@debian.org>
- Re: Looking for seconds to add the Amazon EC2 public certificate in ca-certificates.
  - From: Michael Shuler <michael@pbandjelly.org>
- Re: Looking for seconds to add the Amazon EC2 public certificate in ca-certificates.
  - From: Miguel Landaeta <miguel@miguel.cc>
- Re: Looking for seconds to add the Amazon EC2 public certificate in ca-certificates.
  - From: Russ Allbery <rra@debian.org>
- Re: Looking for seconds to add the Amazon EC2 public certificate in ca-certificates.
  - From: Miguel Landaeta <miguel@miguel.cc>

Prev by Date: Re: Looking for seconds to add the Amazon EC2 public certificate in ca-certificates.
Next by Date: Re: Package for OpenAxiom
Previous by thread: Re: Looking for seconds to add the Amazon EC2 public certificate in ca-certificates.
Next by thread: Re: Looking for seconds to add the Amazon EC2 public certificate in ca-certificates.
Index(es):
- Date
- Thread