Re: X.509 and CA certificates for other purposes (i.e. the IGTF)

[Daniel Pocock <daniel@pocock.com.au>]

On 30/05/13 13:19, Bastien ROUCARIES wrote:
> On Thu, May 30, 2013 at 12:50 PM, Dennis van Dok <dennisvd@nikhef.nl> wrote:
>> On 26-05-13 20:02, Bastien ROUCARIES wrote:
>>> On Sat, May 25, 2013 at 2:27 PM, Charles Plessy <plessy@debian.org> wrote:
>>>> Hi Dennis and everybody,
>>>>
>>>> somewhat related to this, I would like to know if there is a package that could
>>>> host Amazon's EC2 public certificate ?  In Ubuntu it is added to the euca2ools
>>>> package, because a program of this package can use it, but it is not part of
>>>> the upstream source (which is not Amazon), so I really would prefer to ship
>>>> the certificate somewhere else.
>>>>
>>>> I proposed ca-certificates earlier, but the result was inconclusive.
>>>>
>>>>     http://bugs.debian.org/573857
>>>>
>>>> Would there be a volunteer to maintain new package from scratch if needed ?
>>> Maybe crypto consolidation arround libnss will greatly help here.
>>> jessie release goal ?
>> Could you elaborate on what it is you propose exactly, because I could
>> interpret this in many different ways.
> See also https://fedoraproject.org/wiki/FedoraCryptoConsolidation


One of the GSoC project areas that did not go ahead covers this same
topic.  You can find some of the ideas by reading through the proposal I
put up and the responses from three students

http://wiki.debian.org/SummerOfCode2013/Projects#Improving_PKI_on_Debian

Some of it overlaps with what Fedora are discussing