[jira] [Comment Edited] (HDDS-101) SCM CA: generate CSR for SCM CA clients

Fri, 26 Oct 2018 18:04:38 -0700 


    [ 
https://issues.apache.org/jira/browse/HDDS-101?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16665807#comment-16665807
 ] 

Anu Engineer edited comment on HDDS-101 at 10/27/18 1:03 AM:
-------------------------------------------------------------

Leaving a comment for future reference: We have made keyUsage a critical flag 
and not check if the Subject is empty and enforced SAN if it is empty. We are 
aware that rfc5280, says

_Conforming CAs MAY support extensions that are not identified within_
 _this specification; certificate issuers are cautioned that marking_
 _such extensions as critical may inhibit interoperability._

The reason we are able to do this is because all of these certificates, CSRs 
and other X.509 objects are read *only* by HDDS/Ozone. Since no third-party is 
involved, we can afford  these deviations without breaking the world.

 


was (Author: anu):
Leaving a comment for future reference: We have made keyUsage a critical flag 
and not check if the Subject is empty and enforced SAN if it is empty. We are 
aware that rfc5280, says

_Conforming CAs MAY support extensions that are not identified within_
 _this specification; certificate issuers are cautioned that marking_
 _such extensions as critical may inhibit interoperability._

The reason we are able to do this is because all of these certificates, CSRs 
and other X.509 objects are read *only* by HDDS/Ozone. Since no third-party is 
involved, we can afford to these deviations without breaking the world.

 

> SCM CA: generate CSR for SCM CA clients
> ---------------------------------------
>
>                 Key: HDDS-101
>                 URL: https://issues.apache.org/jira/browse/HDDS-101
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>            Priority: Major
>             Fix For: 0.5.0
>
>         Attachments: HDDS-101-HDDS-4-002.patch, HDDS-101-HDDS-4.001.patch, 
> HDDS-101-HDDS-4.003.patch
>
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to