Ambiguous name: credentials.NewClientTLSFromCert() #107
Comments
On Sat, Mar 7, 2015 at 12:02 AM, prazzt notifications@github.com wrote:
how about NewClientTLSFromCA?
So this is basically certificate pinning, right? What is the expected usage here? Does clientCert == serverCert?
I do not think we do extra work besides the normal TLS handshake. This is more like a browser->web service type of usage -- clients do not have their own certs but root CA.
I see another issue also got confused by TLS client certificate. I propose the following signatures:
This way it's shorter (we know it's always TLS anyway), and people don't confuse it with "TLS client authentication".
Nah, it is not always TLS. We will support SSH too. And we are working on some Google internal transport security protocol too. Therefore, you need to have TLS in the names. In addition, I prefer "XXXFromFile" to "XXXFile". Plus, it is not necessarily a local file (e.g., it could be on NFS).
I see. Hope it doesn't get too bloated in the future. Closing this.
My first impression was "TLS client certificate authentication", i.e. distinguish each client by the certificate that they sent. But from a cursory look, it turns out it's actually certificate pinning, i.e. making sure the client talks with the pinned server CA.
Am I right, or does grpc actually support client certificate authentication?
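The distinction this thread circles around, as an added example (not grpc-go code and not written by any participant): a client that holds only a trusted root pool can verify the server but presents no identity of its own. It uses only Go's standard `crypto/tls`; the names `newCert` and `Handshake`, the host `example.test`, and the generated certificates are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newCert returns a constructed, throwaway self-signed certificate and a pool that trusts it.
func newCert() (tls.Certificate, *x509.CertPool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.test"},
		DNSNames: []string{"example.test"}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// Handshake runs a TLS 1.2 handshake in memory; the client sets only ServerName and RootCAs, no certificate.
func Handshake(trusted bool, auth tls.ClientAuthType) (clientCerts int, clientErr, serverErr error) {
	cert, pool := newCert()
	if !trusted {
		_, pool = newCert() // client pins an unrelated certificate instead
	}
	c, s := net.Pipe()
	c.SetDeadline(time.Now().Add(3 * time.Second)) // never hang on a failed handshake
	s.SetDeadline(time.Now().Add(3 * time.Second))
	srv := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: auth, MaxVersion: tls.VersionTLS12})
	cli := tls.Client(c, &tls.Config{ServerName: "example.test", RootCAs: pool, MaxVersion: tls.VersionTLS12})
	done := make(chan error, 1)
	go func() { done <- srv.Handshake() }()
	clientErr = cli.Handshake()
	serverErr = <-done
	return len(srv.ConnectionState().PeerCertificates), clientErr, serverErr
}

func main() {
	fmt.Println(Handshake(true, tls.RequestClientCert))    // server verified, no client identity sent
	fmt.Println(Handshake(false, tls.RequestClientCert))   // client rejects the unpinned server
	fmt.Println(Handshake(true, tls.RequireAnyClientCert)) // server rejects the certificate-less client
}
```

A server that needs to distinguish clients by certificate has to set a `ClientAuth` policy, and the client has to populate `Certificates`; trusting a root pool alone does neither.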