Re: [Freeipa-devel] V4/Sub-CAs review

2016-06-06 Thread Fraser Tweedale
On Mon, Jun 06, 2016 at 08:29:16AM +0200, Jan Cholasta wrote: > On 1.6.2016 06:49, Fraser Tweedale wrote: > > On Mon, May 23, 2016 at 10:02:44AM +0200, Jan Cholasta wrote: > > > > > > > 2) > > > > > > > > > > > > > > It should be mentioned

Re: [Freeipa-devel] V4/Sub-CAs review

2016-06-06 Thread Jan Cholasta
On 1.6.2016 06:49, Fraser Tweedale wrote: On Mon, May 23, 2016 at 10:02:44AM +0200, Jan Cholasta wrote: 2) It should be mentioned here that the primary CA is also handled by this plugin. I would like to propose two additional fields: *

Re: [Freeipa-devel] V4/Sub-CAs review

2016-05-31 Thread Fraser Tweedale
On Mon, May 23, 2016 at 10:02:44AM +0200, Jan Cholasta wrote: > > > > > 2) > > > > > > > > > > It should be mentioned here that the primary CA is also handled by > > > > > this > > > > > plugin. > > > > > > > > > > I would like to propose

Re: [Freeipa-devel] V4/Sub-CAs review

2016-05-23 Thread Jan Cholasta
On 17.5.2016 14:50, Fraser Tweedale wrote: On Tue, May 17, 2016 at 01:28:15PM +0200, Jan Cholasta wrote: On 10.5.2016 12:36, Fraser Tweedale wrote: Honza, thanks for the review. Comments inline. Copy Nalin, re certmonger discussion at the very bottom. On Mon, May 09, 2016 at 08:54:32AM

Re: [Freeipa-devel] V4/Sub-CAs review

2016-05-17 Thread Nalin Dahyabhai
On Tue, May 17, 2016 at 01:28:15PM +0200, Jan Cholasta wrote: > > > 7) > > > > > > How is a certificate going to be requested from a specific sub-CA using > > > the > > > getcert command? > > > > > I added a preliminary design; add a new

Re: [Freeipa-devel] V4/Sub-CAs review

2016-05-17 Thread Fraser Tweedale
On Tue, May 17, 2016 at 01:28:15PM +0200, Jan Cholasta wrote: > On 10.5.2016 12:36, Fraser Tweedale wrote: > > Honza, thanks for the review. Comments inline. > > > > Copy Nalin, re certmonger discussion at the very bottom. > > > > On Mon, May 09, 2016 at 08:54:32AM +0200, Jan Cholasta wrote: >

Re: [Freeipa-devel] V4/Sub-CAs review

2016-05-17 Thread Jan Cholasta
On 10.5.2016 12:36, Fraser Tweedale wrote: Honza, thanks for the review. Comments inline. Copy Nalin, re certmonger discussion at the very bottom. On Mon, May 09, 2016 at 08:54:32AM +0200, Jan Cholasta wrote: Hi, 8<-- 2) It

Re: [Freeipa-devel] V4/Sub-CAs review

2016-05-10 Thread Fraser Tweedale
Honza, thanks for the review. Comments inline. Copy Nalin, re certmonger discussion at the very bottom. On Mon, May 09, 2016 at 08:54:32AM +0200, Jan Cholasta wrote: > Hi, > > 1) > > > """ > The "upstream" root

Re: [Freeipa-devel] V4/Sub-CAs review

2016-05-09 Thread Jan Cholasta
Hi, 1) """ The "upstream" root certificate and intermediate CA certificates would be stored in LDAP for distribution to clients, with the root CA having an ipaKeyTrust value of trusted and intermediate CAs having a

Re: [Freeipa-devel] V4/Sub-CAs review

2016-04-21 Thread Fraser Tweedale
Christian, thank you for the review. Responses inline. I will update the design page soon with clarifications and information about backup. On Tue, Apr 19, 2016 at 01:24:54PM +0200, Christian Heimes wrote: > Hi Fraser, > > I'm the reviewer for your Sub-CAs and RFC 2818 designs. Let's start

[Freeipa-devel] V4/Sub-CAs review

2016-04-19 Thread Christian Heimes
Hi Fraser, I'm the reviewer for your Sub-CAs and RFC 2818 designs. Let's start with Sub-CAs first. http://www.freeipa.org/page/V4/Sub-CAs In general the design is well written -- accurate as usual. I didn't want to ACK the design with a simple LGTM, so I put myself in the position of a customer