Michael Malone
Neat. To be clear, these custom CA certificates are being used by the _docker daemon_ to talk to the container registry, correct? We're not talking about installing certificates _inside of...
I guess one more point of clarification... what we're _actually_ talking about here is that `step ca install ca.crt --docker` should effectively run `cp ca.crt /etc/docker/certs.d/ca.crt`, right? (FYI, you could...
Hey @nimbius, Thanks for the feedback. Yes, we're aware of and sensitive to concerns about implementation difficulties and unexplained magic numbers related to the NIST curves. If advanced persistent threats...
@maraino yea we could do that. I'm not sure what support is like for EdDSA keys in root & intermediate signing certificates though. I'm pretty sure EdDSA support was only...
Unfortunately, we don't have any mobile SDKs at the moment. Implementing the entirety of the `step` feature set in an SDK would be a ton of work, but if all...
For the other curves we're using the IANA registered names that are documented as part of the JSON Web Algorithms (JWA) spec, and used by the other JOSE specs (JWK,...
When you request a certificate from `step-ca` we actually send you a "bundle" that includes the intermediate certificate along with your new leaf certificate. This is what you want 99%...
Relatedly, I _think_ the `/root/{sha}` endpoint on `step-ca` actually returns the intermediate(s) in a separate attribute now. So you might be able to simply `curl` that endpoint and pipe it...
Yea, the `step ssh login` and `step ca token` (and `step ca certificate`) commands run `step oauth` if you're using an OAuth OIDC provisioner. We should probably add the `--console`...
@ericnorris cool! Yes! This is high on our priority list. We're definitely going to do it... at some point :) The bulk of the work for us here is doing...