Re: Looking for seconds to add the Amazon EC2 public certificate in ca-certificates.

Miguel Landaeta <miguel@miguel.cc> writes:
> On Tue, Aug 23, 2011 at 4:24 PM, Russ Allbery <rra@debian.org> wrote:

>> Hm, then it's not actually a CA, is it?

> I'm afraid it is not a CA or it is not used as a CA by Amazon Web
> Services users. However, it is necessary in order to use those web
> services effectively.

> If it is not reasonable to include this certificate in ca-certificates
> maybe it could belong to a cloud computing generic utils package.

Could you explain more about how the certificate is used?  I'm trying to
understand if it gains any benefit from the extra certificate handling
done by ca-certificates, specifically its inclusion in an OpenSSL-hashed
directory, or if it just needs to be in some package somewhere so that it
can be referenced by other software.

It seems strange to include a non-CA certificate in ca-certificates; we
may need a different sort of infrastructure to handle things like this.
(And I think it would be a bit questionable to trust any certificate
signed by that certificate in a web browser, say, which is what would
happen if it were just included in ca-certificates.)

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
