crypto/x509: add SubjectKeyId automatically when IsCA is true #26676

Open
FiloSottile opened this issue Jul 29, 2018 · 2 comments

@FiloSottile FiloSottile commented Jul 29, 2018

RFC 5280 provides a recommended algorithm to generate the SubjectKeyID, and since these are new public keys, we could use it to set it by default. It's mostly useful for CAs, so we can do it only when IsCA is true. We already automatically set AuthorityKeyID when the parent has SubjectKeyId.

@FiloSottile FiloSottile commented Feb 4, 2019

Section 4.2.1.2 of RFC 5280 says this is a MUST for CAs.

   To facilitate certification path construction, this extension MUST
   appear in all conforming CA certificates, that is, all certificates
   including the basic constraints extension (Section 4.2.1.9) where the
   value of cA is TRUE.

@andybons andybons modified the milestones: Go1.13, Go1.14 Jul 8, 2019
@rsc rsc modified the milestones: Go1.14, Backlog Oct 9, 2019
@FiloSottile FiloSottile modified the milestones: Backlog, Go1.14 Oct 23, 2019
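
What the issue asks for, done by hand, as an added example (not code from the Go project or from this thread): the RFC 5280 section 4.2.1.2 method (1) identifier, SHA-1 over the subjectPublicKey bits, computed and set explicitly on a template with IsCA true. The helper names `must`, `keyID` and `newCA` and the certificate subject are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // hypothetical example-only helper: abort on error
	if err != nil {
		panic(err)
	}
	return v
}

// keyID is RFC 5280 section 4.2.1.2 method (1): SHA-1 over the value of the
// subjectPublicKey BIT STRING (tag, length and unused-bits byte excluded).
func keyID(spkiDER []byte) []byte {
	var spki struct {
		Algorithm pkix.AlgorithmIdentifier
		PublicKey asn1.BitString
	}
	must(asn1.Unmarshal(spkiDER, &spki))
	sum := sha1.Sum(spki.PublicKey.Bytes)
	return sum[:]
}

// newCA self-signs a CA certificate (constructed subject) with SubjectKeyId set explicitly.
func newCA() *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Example CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		SubjectKeyId: keyID(must(x509.MarshalPKIXPublicKey(&key.PublicKey))),
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

func main() {
	fmt.Printf("SubjectKeyId: %x\n", newCA().SubjectKeyId)
}
```

Running `keyID` over the `RawSubjectPublicKeyInfo` of any parsed certificate gives the value to compare against its `SubjectKeyId` when auditing CA certificates.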
@ianlancetaylor ianlancetaylor commented Dec 5, 2019

@FiloSottile Is there something to do here for 1.14?
