On Thu, Jun 25, 2009 at 01:42:46PM +0200, Christoph Anton Mitterer wrote: > On Thu, 2009-06-25 at 13:20 +0200, Philipp Kern wrote: > > But now you also raise another > > certificate authority... > What do you mean? GridKa-CA?
Yes. > > How would the certificate be used? Sadly I don't know how those grids > > work[*]. Would users need the certificate installed or somehow the > > individual nodes? (As for the latter they can be put into > > /usr/local/share/ca-certificates with the newest version.) > Both,... in principle there's nothing special about Grid-Certificates... > you give them to hosts,.. and to users (and sometimes even to > services),.. and they're used to authenticate to each other. > What do you mean, should be put under /usr/local? The CA. [ Snipping your ideas. ] I'll think about it. In the case of DFN I don't see it as DFN Global is clearly a sub-CA of Telesec and needs to obey to their policies (as well as their own). There are no further sub-CAs below that because they would otherwise violate them. A package split would work. What I would get to is to have only Mozilla's certs to be activated by default and maybe SPI's and leave the others for the local sysadmin to activate. > StartCom is proably a PCA,.. but it provides the XMPP intermediate CA, > which gives free server certs for Jabber-Servers. > As this cert is probably needed by most Debian-Jabber-Admins,.. it may > be ok to include it. IMHO StartCom should already be included through Mozilla, no? Kind regards, Philipp Kern -- .''`. Philipp Kern Debian Developer : :' : http://philkern.de Stable Release Manager `. `' xmpp:[email protected] Wanna-Build Admin `- finger pkern/[email protected]
signature.asc
Description: Digital signature
