[Freeipa-devel] Scope of ECC support in FreeIPA/Dogtag

Martin Kosek mkosek at redhat.com
Tue Sep 15 12:10:57 UTC 2015


Hi Nathan and others,

I am now going through FreeIPA 4.4 items and I am thinking about ECC support in
FreeIPA:

https://fedorahosted.org/freeipa/ticket/3951

AFAIK, ECC should already be supported in Dogtag. Could you please advise what
the scope of expected changes in FreeIPA is?

My understanding is that the following parts are required:
1) Generating an ECC signing certificate for the FreeIPA CA. It is not clear to
me, though, whether this task can be easily done during upgrade.
2) Updating FreeIPA Certificate Profiles (which should be now in LDAP) and
adding support for the respective EC algorithms to "signingAlgsAllowed", as
noted in https://fedorahosted.org/freeipa/ticket/3951#comment:1.

Is that correct, or is more needed to make that work and be supported in FreeIPA?

-- 
Martin Kosek <mkosek at redhat.com>
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.



