Michael Malone

Results: 57 comments by Michael Malone

@sebastien-baillet I'm not sure I understand the question. It sounds like you're exporting issued certificates from the `step-ca` database and would like to determine which intermediate issued each certificate? The...

Returning to the original topic, handling expiry issues gracefully is pretty tricky. We need to balance two issues: 1. Making sure people are aware that they're doing something they probably...

@sebastien-baillet That's super helpful. Thanks so much for doing this research. I'm now convinced that we should reduce the lifetime transparently so that the `notAfter` of a leaf is `

tl;dr: 1. I don't like the idea of a `--not-after` flag on `step ca init`. 2. I do like the idea of `--intermediate-cert` and `--intermediate-key` flags on `step ca init`....

Thanks for raising this @vulnbe. Also, thanks @rmhrisk for the insight around availability issues. I hadn’t completely considered this. I have a couple thoughts here that I’d love feedback on...

@reawakn I believe the problem is that your provisioner URI (`http://IPv4:5556/dex/.well-known/openid-configuration`) is using HTTP, not HTTPS. OAuth and OIDC require use of TLS (HTTPS) everywhere.

I want to support EAB. The difficult question seems to be: how are the EAB symmetric keys managed? Are they managed by `step-ca` or by some external service? I wish...

Excuse my ignorance, but what's the use case for S/MIME certificates from a private/internal CA? How does root distribution work? If I'm using a cert from my internal CA, you...

Yea, it seems like root distribution is the problem here. I can understand the elevated internal security use case, but I don't know how common that is. If there's a...

Yes, you should be able to use templates to issue certificates with the right extensions (key usage / extended key usage) for S/MIME using any of our existing provisions (OIDC...