On Fri, Apr 26, 2019 at 2:06 AM Stephen Gallagher <sgall...@redhat.com> wrote:
> On Thu, Apr 25, 2019 at 1:42 PM Danishka Navin <danis...@gmail.com> wrote: > > > > > > > > On Wed, Apr 24, 2019 at 6:02 PM Sérgio Basto <ser...@serjux.com> wrote: > >> > >> On Wed, 2019-04-24 at 11:35 +0530, Danishka Navin wrote: > >> > >> Hi, > >> > >> Sri Lanka Cert is gonna implement local Root CA. > >> How we can submit this Root CA with Fedora? > >> > >> I could not find enough information on this. > >> > >> > >> you can do one custom ca-certificates-2018.2.26-2.fc29.noarch package > and add your certificate to ca-truted in you system > > > > > > Its about officially distributed using formal channels, i.e: Operating > Systems and Browsers. > > This is not about testing locally. > > I mean it required to be in ca-certificates-2018.2.26-2.fc29.noarch > package by default. > > > > > That package comes from Mozilla's collection. If Mozilla approves it, > Fedora will pick it up as soon as an updated ca-certificates package > is released. That said, it sounds like the intent of that CA is for a > government-mandated man-in-the-middle attack to monitor secure > traffic. It is highly unlikely that will be accepted by Mozilla. > Seems government is working with Chinese tech people to run mass online surveillance system. http://www.themorning.lk/china-styled-mass-online-surveillance/ But I am not clear how Root CA can use to SSL MITM attack instead of user cert. -- Danishka Navin
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org