
Re: TLS key for api.ftp-master.debian.org



Ian Jackson writes ("Re: TLS key for api.ftp-master.debian.org"):
> I'm suggesting that we generate a new service-specific root pseudo-CA
> for each service.  The pseudo-CA key would be used to sign one cert,
> ever: the cert on the service-specific EE key.

The purpose of this suggestion is to arrange that the private keys
whose public halves dgit is relying on to get accurate information
about what source code is in Debian, are stored on appropriate Debian
systems.

Essentially I'm suggesting that we use the key management and
distribution model we use for apt archive signing.  The existence of
the one-shot pseudo-CA is an artefact of TLS/X.509/etc. braindamage,
but it is purely syntactic and has no security implications.

Would it help if we chatted about this on IRC or something?

Thanks,
Ian.

