Skip to content

Missing feature of tls authentication authorityKeyIdentifier #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mattiabertorello opened this issue Jun 29, 2018 · 3 comments
Closed

Missing feature of tls authentication authorityKeyIdentifier #4

mattiabertorello opened this issue Jun 29, 2018 · 3 comments
Assignees
@sandeepmistry
Labels
type: enhancement Proposed improvement

Comments

@mattiabertorello
Copy link
Contributor

It would be good to implement the X509v3 Authority Key Identifier extension but should be optional to provide back compatibility.
The main reason are:

  • Performance to find the right CA without try all of them
  • Best practise
  • Compatibility with CFSSL that generate the certificate with an subject id and consequently our go tool generate the client certificate with the authority key identifier

https://www.v13.gr/blog/?p=293

Thanks
@mattiabertorello mattiabertorello added the type: enhancement Proposed improvement label Jun 29, 2018
@mattiabertorello
Copy link
Contributor Author

Hi @sandeepmistry did you see the issue?

@sandeepmistry
Copy link
Contributor

Can you please provide:

  • an example cert we should use for the template
  • if the value can be stored in the library or if we need to use a slot on the crypto chip to persist it

Will this be used on AWS IoT or our own broker?

We need to schedule this work based on the priorities of the other items I have on my list.

cc/ @akash73 @mastrolinux

@sandeepmistry sandeepmistry mentioned this issue Jul 24, 2018
Merged
@sandeepmistry
Copy link
Contributor

Closed via #6.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sandeepmistry sandeepmistry

Labels
type: enhancement Proposed improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sandeepmistry @mattiabertorello