I'd like to request a certificate that is signed by the Fedora CA. Background: I would like to offer OpenVPN tunnels to Fedora Ambassadors which they can use at events. Often Internet Access is restricted at Events due to them being in Universities etc. I would offer to run a OpenVPN instance, on port 443 for example, which enables contributors to have a tunnel that gives them unrestricted internet access. Technically it would even be possible to enable this only for certain FAS Groups (if there is some kind of interface to check the group info against) so that this service can only be used by ambassadors.
Couple of things.
1) Why does the Fedora CA need to be used to do this?
2) Why is their internet restricted and how is it not illegal for us to allow them to bypass that?
1) That would enable Fedora Ambassadors to just use their already existing Fedora certificates that they receive from FAS and saves me the hassle of maintaining my own CA.
2) I don't actually know why universities etc. restrict their internet access. Possibly because they are afraid of security issues, P2P traffic or whatnot. However I believe that Fedora Ambassadors are reasonable people and I trust them to use the Connection given to them wisely. However I think it's simply not acceptable that essential Fedora services such as CVS, git, VoIP, Gobby, etc... do not work in some networks at events. Regarding the legality I'm not really sure. However the legal responsibility would somewhat be transfered to me then, because my IP will be the one that is visible to the outside world.
Sorry this sat idle for so long. At present we have no facilities in place to really manage such an arrangement. At some point in the future we are going to be deploying a certificate management system, in the meantime we're preferring to keep the cert system as simple (and dumb) as possible. Sorry but we won't be sending you a signed certificate.
Login to comment on this ticket.