Marx, Peter wrote:
Hi,
we are using certmonger with SCEP. But SCEP does not support Elliptic
curve keys, only RSA.
The successor protocol EST (Enrollment over Secure Transport) would
support ECC.
Is a EST helper for certmonger/getcert on the roadmap ?
No. I added a ticket to track it,
https://fedorahosted.org/certmonger/ticket/53
If yes, when ?
How complicated is it to create such a helper around the Cisco
open-sourced libest ?
Hard to say without digging into the library. The library was
open-sourced less than 3 weeks ago AFAICT.
Practically this also means someone will need to package it for the
various Linux distributions.
rob
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code