| 20 | = ecdsa-sig = |
| 21 | |
| 22 | Email from Selva: |
| 23 | |
| 24 | {{{ |
| 25 | I do not think I can make any coherent case at 5:30am even if I |
| 26 | somehow manage to make it to the meeting, but would like some feedback |
| 27 | on one thing: |
| 28 | |
| 29 | Topic: 'ecdsa-sig' management interface command that I proposed (the |
| 30 | patch for supporting EC certs with external key being reviewed by |
| 31 | Arne). |
| 32 | Ref: https://patchwork.openvpn.net/project/openvpn2/list/?series=126 |
| 33 | |
| 34 | We currently have rsa-sig for RSA signatures[*]. With hindsight we |
| 35 | could say this naming was not ideal as now we want to support |
| 36 | multiple key types. I think it may be better to name the new command |
| 37 | as type-agnostic like 'pkey-sig' so that we can deprecate rsa-sig and |
| 38 | eventually remove it. As only management clients are affected this |
| 39 | should be easier than deprecating a config option. In the meantime |
| 40 | exclusively use |
| 41 | the new command for ECDSA signatures. |
| 42 | |
| 43 | Including the key/signature type in the command name is not necessary as the |
| 44 | UI knows which key to use and that fixes the signature type. |
| 45 | |
| 46 | If the meeting is already loaded with topics, I can ask this on the devel list. |
| 47 | |
| 48 | Thanks, |
| 49 | |
| 50 | Selva |
| 51 | [*] The daemon sends RSA-SIGN, the management client responds with rsa-sig |
| 52 | }}} |
| 53 | |