Re: Bug#845351: ITP: ca-dn42 -- dn42 automatic CA root certificates

To: debian-devel@lists.debian.org
Subject: Re: Bug#845351: ITP: ca-dn42 -- dn42 automatic CA root certificates
From: Simon McVittie <smcv@debian.org>
Date: Tue, 22 Nov 2016 18:01:09 +0000
Message-id: <[🔎] 20161122180109.qf4ofiv3wrm2wk5r@perpetual.pseudorandom.co.uk>
In-reply-to: <[🔎] 147983692475.16307.140801575102631916.reportbug@orbiter.shiftout.net>
References: <[🔎] 147983692475.16307.140801575102631916.reportbug@orbiter.shiftout.net>

On Tue, 22 Nov 2016 at 17:48:44 +0000, Iain R. Learmonth wrote:
> The root certificate has constraints
> that it can only be used to sign domains ending with .dn42

Does this package insert the dn42 CA into the system-wide default CA
store?

(If it does, then I think it would be necessary to tread *very*
carefully.)

Do all TLS libraries available in Debian respect those constraints?

    S

Reply to:

Follow-Ups:
- Re: Bug#845351: ITP: ca-dn42 -- dn42 automatic CA root certificates
  - From: "Iain R. Learmonth" <irl@debian.org>

References:
- Bug#845351: ITP: ca-dn42 -- dn42 automatic CA root certificates
  - From: "Iain R. Learmonth" <irl@debian.org>

Prev by Date: Bug#845351: ITP: ca-dn42 -- dn42 automatic CA root certificates
Next by Date: Bug#845371: ITP: libdnssecjava-java -- A DNSSEC validating stub resolver for Java
Previous by thread: Bug#845351: ITP: ca-dn42 -- dn42 automatic CA root certificates
Next by thread: Re: Bug#845351: ITP: ca-dn42 -- dn42 automatic CA root certificates
Index(es):
- Date
- Thread