[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

HTTPS for Debian archive mirrors, and CAA


the debian mirrors team needs to be able to point the
ftp.<CC>.debian.org aliases at different backends based on their status.
As such, the only service that is guaranteed to be available at these
names is HTTP.  Offering HTTPS on these names means breakage whenever
they are pointed at a different mirror.

Accordingly, we have set CAA records (RFC 6844) on the <CC>.debian.org
domains to disallow any certificate issuance, and we'd like to ask
mirror operators who were offering HTTPS under these names to stop doing
so.  They are of course free to continue offering the service under a
non-debian.org domain name.


Attachment: signature.asc
Description: PGP signature

Reply to: