| | 20 | = ecdsa-sig = |
| | 21 | |
| | 22 | Email from Selva: |
| | 23 | |
| | 24 | {{{ |
| | 25 | I do not think I can make any coherent case at 5:30am even if I |
| | 26 | somehow manage to make it to the meeting, but would like some feedback |
| | 27 | on one thing: |
| | 28 | |
| | 29 | Topic: 'ecdsa-sig' management interface command that I proposed (the |
| | 30 | patch for supporting EC certs with external key being reviewed by |
| | 31 | Arne). |
| | 32 | Ref: https://patchwork.openvpn.net/project/openvpn2/list/?series=126 |
| | 33 | |
| | 34 | We currently have rsa-sig for RSA signatures[*]. With hindsight we |
| | 35 | could say this naming was not ideal as now we want to support |
| | 36 | multiple key types. I think it may be better to name the new command |
| | 37 | as type-agnostic like 'pkey-sig' so that we can deprecate rsa-sig and |
| | 38 | eventualy remove it. As only management clients are affected this |
| | 39 | should be easier than deprecating a config option. In the mean time |
| | 40 | exclusively use |
| | 41 | the new command for ECDSA signatures. |
| | 42 | |
| | 43 | Including the key/signature type in the command name is not necessary as the |
| | 44 | UI knows which key to use and that fixes the signature type. |
| | 45 | |
| | 46 | If the meeting is already loaded with topics, I can ask this on the devel list. |
| | 47 | |
| | 48 | Thanks, |
| | 49 | |
| | 50 | Selva |
| | 51 | [*] The daemon sends RSA-SIGN, the management client responds with rsa-sig |
| | 52 | }}} |
| | 53 | |
