openscreenprotocol icon indicating copy to clipboard operation
openscreenprotocol copied to clipboard

Published 20 hours ago verified publisher icon w3c

Use certificate serial number in Subject Name

Open backkem opened this issue 1 year ago • 1 comments

This resolves the circular dependency in agent certificate fingerprint.

Resolves #276

Preview | Diff

backkem avatar Apr 30 '24 21:04 backkem

@mfoltzgoogle PTAL?

anssiko avatar May 16 '24 09:05 anssiko

TODO:

  • [x] Alter the PR to match the protocol split.
  • [x] Update to match resolution for #275.
  • [ ] Verify that TLS mandates the connection is closed if the SNI doesn't match.

backkem avatar Sep 27 '24 18:09 backkem

I updated the PR based on our discussion from TPAC with a slight adjustment. I retained the counter in the agent serial number to make it easier to implement certificate rotation in the future (it won't require the agent to generate a new UUID).

PTAL @backkem

markafoltz avatar Oct 07 '24 23:10 markafoltz

Looks good to me. It addresses both the circularity and SNI issue. (I can't add a review, maybe because I opened the PR.)

Thanks for picking this up Mark. Sorry I didn't find the time yet.

backkem avatar Oct 08 '24 06:10 backkem

Thanks. I am going to revert the SVG changes and submit them separately, as the SVG needs to be updated to reflect the updated PR.

markafoltz avatar Oct 08 '24 20:10 markafoltz