Separate out CFSSL server components from cf_impl_cfssl #145
Comments
I think this sounds like a great idea. We were trying to make the cert support pluggable already, but it was mostly to fix the limitations of openssl (i.e., no CRL support in m2crypto). A new look at what the interface should look like might be in order.
This might be an interesting one for you @bu3alwa, let me know if you want to chat it over and understand more.
https://docs.google.com/document/d/1a1BRR0fWsKH-hZKa4U9n0zxY9ieJW3eHdtZVX8OIpyw/edit?usp=sharing @lukehinds let me know if this is good to move forward with
Should making the CA cert be decoupled from keylime as well? Since we want the CA implementations to be a plugin to be added the
That sounds good.
#1012 removed CFSSL support.
Currently CFSSL is automatically set up and run from `ca_impl_cfssl.py`. I think we should separate out the server components `start_cfssl` and `stop_cfssl` and instead just have the IP and port configurable, and the operator runs their own CFSSL instance wherever they like (it might be on a different host to the `keylime_verifier`), perhaps behind its own firewall etc. Either way I don't think it should not be possible to run it separately. In time we should also look to make CAs pluggable, so different PKI systems can be utilised.
@jetwhiz @nabilschear - any objections to the above? If not I will give it a key_feature label.
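As an added illustration of the two ideas in the issue body (a CA endpoint that is read from config rather than started by the verifier, and a pluggable CA interface), here is example code written for this page. It is not Keylime's own `ca_impl_cfssl.py`; the `[ca]` section with `cfssl_host`/`cfssl_port` keys, the `CABackend`/`CFSSLRemote` class names and the injectable transport are assumptions made for the example. The `/api/v1/cfssl/sign` endpoint and its `{"success", "result", "errors"}` reply envelope are CFSSL's documented HTTP API; the CSR, certificate and config text are constructed sample data so the block runs offline.

```python
"""Added example, not Keylime code: a pluggable CA interface plus a remote
CFSSL backend.  The verifier never spawns cfssl; it reads the endpoint from
config and talks to the instance the operator runs.  Config keys, class
names and the transport hook are assumptions made for this example."""
from __future__ import annotations

import configparser
import json
import urllib.request
from abc import ABC, abstractmethod
from typing import Callable, Optional

# Transport signature: (url, request_body) -> response_body.  Injected so the
# backend can be exercised (and unit-tested) without a live cfssl server.
Transport = Callable[[str, bytes], bytes]


class CAError(Exception):
    """Raised when the CA backend refuses or fails a request."""


class CABackend(ABC):
    """Minimal contract a pluggable CA implementation has to satisfy."""

    @abstractmethod
    def sign_csr(self, csr_pem: str, profile: str = "client") -> str:
        """Return a PEM certificate for the given PEM CSR."""


def load_ca_endpoint(config_text: str) -> tuple[str, int]:
    """Read the hypothetical [ca] cfssl_host / cfssl_port keys and validate them."""
    parser = configparser.ConfigParser()
    parser.read_string(config_text)
    host = parser.get("ca", "cfssl_host", fallback="").strip()
    port = parser.getint("ca", "cfssl_port", fallback=0)
    if not host:
        raise ValueError("ca.cfssl_host must be set; the verifier does not start cfssl itself")
    if not 1 <= port <= 65535:
        raise ValueError(f"ca.cfssl_port out of range: {port}")
    return host, port


def _http_post_json(url: str, body: bytes) -> bytes:
    """Default transport: HTTP POST of a JSON body using only the stdlib."""
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


class CFSSLRemote(CABackend):
    """Signs CSRs via an operator-run cfssl: POST /api/v1/cfssl/sign with
    {"certificate_request": <PEM CSR>, "profile": <name>}."""

    def __init__(self, host: str, port: int, scheme: str = "https",
                 transport: Optional[Transport] = None) -> None:
        self.base_url = f"{scheme}://{host}:{port}"
        self._transport = transport or _http_post_json

    def sign_csr(self, csr_pem: str, profile: str = "client") -> str:
        payload = json.dumps({"certificate_request": csr_pem, "profile": profile}).encode()
        raw = self._transport(self.base_url + "/api/v1/cfssl/sign", payload)
        try:
            reply = json.loads(raw)
        except ValueError as exc:
            raise CAError(f"non-JSON reply from {self.base_url}") from exc
        # cfssl wraps every answer as {"success": bool, "result": {...}, "errors": [...]}
        if not reply.get("success"):
            raise CAError(f"cfssl refused the request: {reply.get('errors')}")
        cert = (reply.get("result") or {}).get("certificate")
        if not cert or "BEGIN CERTIFICATE" not in cert:
            raise CAError("cfssl reply carried no certificate")
        return cert


# --- constructed sample data so the example runs offline -------------------
SAMPLE_CONFIG = "[ca]\ncfssl_host = cfssl.internal.example\ncfssl_port = 8888\n"
SAMPLE_CSR = "-----BEGIN CERTIFICATE REQUEST-----\nMIIB(constructed)\n-----END CERTIFICATE REQUEST-----\n"
FAKE_CERT = "-----BEGIN CERTIFICATE-----\nMIIC(constructed)\n-----END CERTIFICATE-----\n"


def fake_cfssl_ok(url: str, body: bytes) -> bytes:
    """Stand-in transport that answers like a healthy cfssl sign endpoint."""
    assert url.endswith("/api/v1/cfssl/sign")
    assert "certificate_request" in json.loads(body)
    return json.dumps({"success": True, "result": {"certificate": FAKE_CERT},
                       "errors": [], "messages": []}).encode()


def fake_cfssl_denied(url: str, body: bytes) -> bytes:
    """Stand-in transport for a cfssl whose signing policy rejects the request."""
    return json.dumps({"success": False, "result": None,
                       "errors": [{"message": "policy denied (constructed)"}]}).encode()


def demo() -> str:
    """Wire config -> backend -> signed cert using the offline transport."""
    host, port = load_ca_endpoint(SAMPLE_CONFIG)
    return CFSSLRemote(host, port, transport=fake_cfssl_ok).sign_csr(SAMPLE_CSR)


if __name__ == "__main__":
    print(demo())
```

Keeping the transport injectable is the design point: the backend's only contract with the operator's CFSSL is an address and the documented JSON API, so the same class works whether cfssl sits on localhost or behind a firewall on another host, and the failure path (a refused or malformed reply) surfaces as a `CAError` instead of a silently missing certificate.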