Miguel Landaeta <mig...@miguel.cc> writes: > On Tue, Aug 23, 2011 at 4:24 PM, Russ Allbery <r...@debian.org> wrote:
>> Hm, then it's not actually a CA, is it? > I'm afraid it is not a CA or it is not used as a CA by Amazon Web > Services users. However, it is necessary in order to use effectively > those web services. > If is not reasonable to include this certificate in ca-certificates > maybe it could belong to a cloud computing generic utils package. Could you explain more about how the certificate is used? I'm trying to understand if it gains any benefit from the extra certificate handling done by ca-certificates, specifically its inclusion in an OpenSSL-hashed directory, or if it just needs to be in some package somewhere so that it can be referenced by other software. It seems strange to include a non-CA certificate in ca-certificates; we may need a different sort of infrastructure to handle things like this. (And I think it would be a bit questionable to trust any certificate signed by that certificate in a web browser, say, which is what would happen if it were just included in ca-certificates.) -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87r54bycxv....@windlord.stanford.edu
