Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add an algorithm for setting the agent certificate serial number #293

Merged
merged 5 commits into from
Feb 28, 2024
Merged

Add an algorithm for setting the agent certificate serial number #293

merged 5 commits into from
Feb 28, 2024

Conversation

markafoltz
Copy link
Contributor

@markafoltz markafoltz commented Sep 7, 2022
edited by pr-preview bot
Loading

This addresses Issue #276: Agent Certificate has a circular dependency on itself

We can't use the certificate fingerprint as the serial number, because the serial number is embedded in the certificate itself.

X.509 requires every certificate from the same issuer to have a unique (not necessarily consecutive) serial number.

This PR adds a simple algorithm to generate a unique per-agent serial number per certificate. Even if an agent generates a new certificate once per hour, the counter would take almost 500,000 years to overflow :-P

Preview | Diff

@markafoltz markafoltz added the F2F label Sep 7, 2022
@markafoltz markafoltz requested a review from chrisn September 7, 2022 21:59
@markafoltz
Copy link
Contributor Author

Feel free to review now in advance of TPAC.

@markafoltz markafoltz mentioned this pull request Sep 13, 2022
Open
@markafoltz markafoltz requested a review from baylesj March 6, 2023 20:00
@markafoltz
Copy link
Contributor Author

baylesj@, do you mind taking a look?

@anssiko
Copy link
Member

anssiko commented Mar 6, 2023

PTAL @baylesj I suppose :)

@markafoltz markafoltz linked an issue Sep 11, 2023 that may be closed by this pull request
Agent Certificate has a circular dependency on itself #276
Closed
@markafoltz markafoltz added v1-spec security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response. labels Sep 11, 2023
@w3cbot w3cbot mentioned this pull request Sep 11, 2023
Open
@backkem
Copy link
Contributor

backkem commented Sep 29, 2023

Is the same comment not relevant to the Subject Name? It is defined as CN = <fp>._openscreen._udp.

baylesj
baylesj reviewed Oct 12, 2023
View reviewed changes
index.bs Outdated Show resolved Hide resolved
baylesj
baylesj approved these changes Oct 12, 2023
View reviewed changes
Copy link
Contributor

@baylesj baylesj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM % feedback.

@backkem
Copy link
Contributor

backkem commented Oct 13, 2023
edited
Loading

The use of <fp> in the subject name is no issue? Is there a way to set this field after calculation of the fingerprint?

@markafoltz markafoltz removed a link to an issue Jan 22, 2024
Agent Certificate has a circular dependency on itself #276
Closed
@markafoltz
Copy link
Contributor Author

Is the same comment not relevant to the Subject Name? It is defined as CN = <fp>._openscreen._udp.

Yes, that is also an issue, thank you for pointing that out. We won't be able to close Issue #276 until we address that.

@markafoltz
Copy link
Contributor Author

PTAL @baylesj, I will have to come up with a separate proposal to fix the subject name.

@markafoltz markafoltz merged commit 21b7b45 into main Feb 28, 2024
2 checks passed
@markafoltz markafoltz deleted the issue-280-serial branch February 28, 2024 17:41
@markafoltz
Copy link
Contributor Author

Went ahead and merged this as comments have been addressed. Please let me know if there are other comments @baylesj

github-actions bot added a commit that referenced this pull request Feb 28, 2024
@markafoltz @github-actions
Merge pull request #293 from w3c/issue-280-serial
52ae012 
SHA: 21b7b45
Reason: push, by mfoltzgoogle

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@baylesj baylesj baylesj approved these changes

@chrisn chrisn Awaiting requested review from chrisn

Assignees

@baylesj baylesj

Labels
F2F security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response. v1-spec
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@markafoltz @anssiko @backkem @baylesj