You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Are there considerations about supporting or not supporting other CertificateTypes than X509?
If others are intended to be used, especially RawPublicKey(2) raise the question, how the valid_time
Time, in seconds relative to the delegation certificate's notBefore value, after which the delegated credential is no longer valid.
may be handled. One idea would be to define a default value for notBefore to be used with CertificateTypes, which don't carry such a date.
I consider this mechanism very valuable in order to be able to use RawPublicKey(2) with special hardware (HSM) to protect the RFC7250/long living private keys, and use a short living private keys of the subcerts on server nodes, especially, when it gets required to scale them up.
The text was updated successfully, but these errors were encountered:
Are there considerations about supporting or not supporting other
CertificateTypesthan X509?If others are intended to be used, especially
RawPublicKey(2)raise the question, how the valid_timemay be handled. One idea would be to define a default value for
notBeforeto be used withCertificateTypes, which don't carry such a date.I consider this mechanism very valuable in order to be able to use
RawPublicKey(2)with special hardware (HSM) to protect the RFC7250/long livingprivate keys, and use a short livingprivate keysof thesubcertson server nodes, especially, when it gets required to scale them up.The text was updated successfully, but these errors were encountered: