Hi Nathan and others,

I am now going through FreeIPA 4.4 items and I am thinking about ECC support in
FreeIPA:

https://fedorahosted.org/freeipa/ticket/3951

AFAIK, ECC should be already supported in Dogtag. Could you please advise what
is the scope of expected changes in FreeIPA?

My understanding is that following parts are required:
1) Generating ECC signing certificate for FreeIPA CA. This is not clear to me
though, if this task can be easily done during upgrade.
2) Updating FreeIPA Certificate Profiles (which should be now in LDAP) and
adding respective EC algorithms support to "signingAlgsAllowed", as noted in
https://fedorahosted.org/freeipa/ticket/3951#comment:1.

Is that correct or more is needed to make that working and supported in FreeIPA?

-- 
Martin Kosek <mko...@redhat.com>
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to