easy-tls

Ideas for metadata field: OPT

Open TinCanTech opened this issue 4 years ago • 5 comments

#32

So far:

  • notAfter date - Could be done by appending to creation date.
  • ~An RPC function~ ;-) - This was a joke ..
  • Client certificate fingerprint
  • ~Random padding~ - Done another way.
  • ~Server-Name~ - This would allow the Server-Name to be added to inline-file metadata. I could append Server-Name to the CA serial number field.
  • Fixed Client IP
  • Something else ?

TinCanTech, Jan 29 '21 00:01

Server admins will need to know to which Server this key can connect, so adding Server CommonName to the metadata is going to be vital. However, this does not need to use OPT.

TinCanTech, Mar 08 '21 18:03

How about my signature $gpg-public-key:tincantech ?

TinCanTech, Mar 23 '21 23:03

How about a bit field, to specify over-riding server requirements?

  • 0000 - User
  • 0001 - Ignore hwaddr
  • 0010 - Ignore Custom-Group
  • 0100 - Ignore expiry
  • etc..

TinCanTech, Mar 27 '21 05:03
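
The bit field proposed in the comment above, decoded in POSIX shell as an added example (this is not Easy-TLS code). The function names, the four-character text encoding and the fail-closed handling of malformed or unassigned bits are assumptions; only the three bit meanings come from the thread.

```shell
#!/bin/sh
# Added example: decode the proposed 4-bit OPT override field.
# Bit meanings come from the comment above; the text encoding ("0101"),
# the function names and the fail-closed policy are assumptions.

# opt_overrides FIELD
# Prints one name per line for each override bit set (lowest bit first).
# Returns 1, printing nothing, if FIELD is malformed or sets an unassigned bit.
opt_overrides() {
    field=$1
    case $field in
        [01][01][01][01]) ;;   # exactly four binary digits
        *) return 1 ;;
    esac
    case $field in
        1???) return 1 ;;      # 1000 is not assigned in the thread: reject
    esac
    case $field in ???1) echo hwaddr ;; esac
    case $field in ??1?) echo custom-group ;; esac
    case $field in ?1??) echo expiry ;; esac
    return 0
}

# check_required FIELD CHECK
# Returns 0 if the server must still enforce CHECK, 1 if the key overrides it.
# A field that fails to parse overrides nothing.
check_required() {
    overrides=$(opt_overrides "$1") || return 0
    for o in $overrides; do
        if [ "$o" = "$2" ]; then return 1; fi
    done
    return 0
}

# Constructed sample fields, not taken from real keys.
for f in 0000 0101 1000 01x1; do
    if list=$(opt_overrides "$f"); then
        echo "$f: overrides:" ${list:-none}
    else
        echo "$f: rejected, every check stays enforced"
    fi
done
```

Because each set bit switches a server-side check off, the decoder treats anything it cannot parse as "no overrides" rather than guessing.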

I have a valid use for this field:

  • Lock to the specified X509 certificate .. or not.

Although, even this can be done by appending a lock to the X509 serial number field.

TinCanTech, Jun 10 '21 19:06

This may be required to mark a key as a group key, not an individual key.

TinCanTech, Nov 13 '21 18:11