How to build your own CA and PKI, my new long-form blog post for @CloudFlare. https://blog.cloudflare.com/how-to-build-your-own-public-key-infrastructure/
Replying to @grittygrease
@grittygrease Very cool. The only question I have is "How does the CA authenticate the CSR to decide whether or not to issue the cert?"
Replying to @BRIAN_____
@brian_____ Currently, it's an HMAC and a hostname regular expression. There are more authentication mechanisms coming soon.
Replying to @grittygrease
@grittygrease Instead of generating and distributing the cert private keys, (single-use? TOFU?) HMAC keys are generated and distributed?
Replying to @BRIAN_____
@BRIAN_____ Long-lived per-CA HMAC keys are installed in the clients at provisioning time and the CA uses an IP whitelist.
@grittygrease Interesting. A description of that would also be very interesting reading.