Add SubjectPublicKeyID. #23

Merged
merged 1 commit into from
Mar 4, 2019

@jsha (Owner) commented Feb 10, 2019

I added it only for roots, where it's a MUST. For end-entity certificates, RFC 5280 says:

> For end entity certificates, the subject key identifier extension
> provides a means for identifying certificates containing the
> particular public key used in an application. Where an end entity
> has obtained multiple certificates, especially from multiple CAs, the
> subject key identifier provides a means to quickly identify the set
> of certificates containing a particular public key. To assist
> applications in identifying the appropriate end entity certificate,
> this extension SHOULD be included in all end entity certificates.

Since the purpose in EE certificates appears to be identifying certificates that
share a common key, and minica EE certificates will never share a common key,
it seems fine to omit. I could be convinced otherwise, though.

Fixes #21.

@FiloSottile, thanks for the report. Would you review?

@jsha jsha merged commit eb90587 into master Mar 4, 2019
@jsha jsha deleted the add-skid branch March 4, 2019 23:29
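
The split described in this PR (a subject key identifier on the root, none on end-entity certificates), as an added Go example that is not minica's code: it issues a constructed root and leaf with `crypto/x509` and returns both parsed back, so the extensions can be inspected. The helper names, subject names, P-256 keys and the use of RFC 5280 method (1) for the identifier are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// keyID follows RFC 5280 section 4.2.1.2 method (1): SHA-1 over the contents of the
// subjectPublicKey BIT STRING. The method is an assumption; the PR text names none.
func keyID(pub any) []byte {
	var spki struct{ Alg pkix.AlgorithmIdentifier; Key asn1.BitString }
	must(asn1.Unmarshal(must(x509.MarshalPKIXPublicKey(pub)), &spki))
	sum := sha1.Sum(spki.Key.Bytes)
	return sum[:]
}

// makePair issues a constructed root that carries a SKID and a leaf that omits it.
func makePair() (root, leaf *x509.Certificate) {
	rk := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	lk := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now()
	rt := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now, NotAfter: now.Add(time.Hour),
		Subject: pkix.Name{CommonName: "example root"}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign, SubjectKeyId: keyID(&rk.PublicKey)}
	lt := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: now, NotAfter: now.Add(time.Hour),
		Subject: pkix.Name{CommonName: "example leaf"}, KeyUsage: x509.KeyUsageDigitalSignature}
	root = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, rt, rt, &rk.PublicKey, rk))))
	return root, must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, lt, rt, &lk.PublicKey, rk))))
}

func main() {
	root, leaf := makePair()
	fmt.Printf("root SKID %x\nleaf SKID %x\nleaf AKID %x\n", root.SubjectKeyId, leaf.SubjectKeyId, leaf.AuthorityKeyId)
}
```

The leaf still carries an authority key identifier, because `x509.CreateCertificate` copies it from the parent's `SubjectKeyId`; that link back to the issuer is only available when the root has the extension.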