Andrew Martinez

icon company Netfoundry icon location NY

Results 15 comments of Andrew Martinez

Consider allowing query strings in SPIFFE IDs

If query parameters were allowed the `spiffe://` protocol of the URI would most likely have to be incremented to `spiffe2://` or risk breakage. The query portion of the URI has...

Both id-kp-serverAuth and id-kp-clientAuth MUST be set

> Do you see as a viable use case to have only TLS Web Client Authentication in case you don't plan to use it for TLS Web Server Authentication ?...

Both id-kp-serverAuth and id-kp-clientAuth MUST be set

A mindset shift that just happened for me is that the SPIFFE spec is independent of implementation-specific decisions. So where the SPIFFE spec is less strict (may have client/server key...

3rd Party CA Existing Session Removal

Existing test in `ca_test.go` `deleting a CA no longer allows authentication` currently being skipped

write a test for autoca enrollment

By "everything is tested" that is the REST API presentation and its implementation.