Bug 1304112 - [RFE] add public portion of entitlement CA to manifest file
Summary: [RFE] add public portion of entitlement CA to manifest file
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Candlepin
Classification: Community
Component: candlepin
Version: 0.9.51
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: candlepin-bugs
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-02 22:21 UTC by Chris Duryee
Modified: 2019-09-20 14:59 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-09-20 14:59:19 UTC
Embargoed:

Attachments (Terms of Use)

Description Chris Duryee 2016-02-02 22:21:28 UTC 
Description of problem:

Currently, the public portion of the entitlement CA certificate is not in the certificate manifest. This file is generally useful since it can be used to validate that manifest certs.

This RFE is to bundle the public portion of the entitlement CA somewhere in the manifest zip file.
Comment 1 Chris Duryee 2016-02-02 22:27:21 UTC 
sorry, I hit "submit" while editing the description.

The entitlement CA certificate can be used to validate that the entitlement certificates in the manifest are in fact signed by Red Hat. This request is to add the entitlement CA certificate to the manifest file generated by candlepin.

Note that the CA cert is different from the CA private key; the former is used to validate signatures and the latter is used for signing.
Comment 2 Barnaby Court 2019-09-20 14:59:19 UTC 
Closing because including the key used to validate in the same payload that the things it will be used to validate would not prevent a man in the middle from replacing both the signing key & the entitlement certificates. 

Please re-open w/ more details on the scenario & need for it if you would still like to have this feature.
Note You need to log in before you can comment on or make changes to this bug.