cfssl icon indicating copy to clipboard operation
cfssl copied to clipboard

Published 20 hours ago verified publisher icon cloudflare

Delegated Credentials for TLS support

Open rektide opened this issue 5 years ago • 2 comments

Hello. What would be involved with adding Delegated Credentials for TLS support to cfssl? I believe there are two main cases:

  1. cfssl issuing a "delegation certificate" to operators, with which they can generate their own delegated credentials
  2. cfssl generating a "delegated credential" from a delgation certificate that has been provided by a ca

Some good introductory reading on Delegated Credentials for TLS is available from this fine article; I suspect some folks here may already be familiar with it. ;)

rektide avatar Sep 04 '20 19:09 rektide

I made an attempt at this in https://github.com/cloudflare/cfssl/pull/953 and see also https://github.com/cloudflare/cfssl/pull/1040. The challenges we ran into were around specifying the policy for the CA when it came to signing with extensions and I don't think we quite got something we were happy with there.

wbl avatar Sep 04 '20 23:09 wbl

Thank you, & apologies: I did search but did not see or make the connection to Delegated Credentials.

rektide avatar Sep 09 '20 00:09 rektide