TLS certificate object documentation and support for EC certificates #24358
referenced this pull request
Nov 14, 2018
I am actually not sure how this aligns with my proposal for key objects... IMO it would make more sense to expose properties of the key via a key object, not using the certificate, but on the other hand, I am not sure whether we should expose those fields at all.
I think it aligns fine with key objects. The key info in the cert is already present, but mostly for debugging. I don't think that has much to do with the keyObjects you are working on. It would be possible to add a keyObject property to the cert object, but the overhead might not make sense for TLS. It could be optional.
More interestingly, I notice your keyObjects don't allow access to any of the key properties, so a key object isn't a replacement for how the cert objects expose the public key material. Perhaps that is deliberate - key material might not be present if the key is on hardware? Even if the key isn't exposed, it seems to me that the key size, and the EC curve/NIST name are all properties that would be useful.
If you are considering exposing some information about the asym keys (alg, size, curve, etc) from keyObjects, then it would make sense that the property names you use are aligned with the property names used in cert objects.
Is that something you see a place for? You could do it later, but it would be good if you at least liked the names used here so that using the same names won't cause any pain.
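The naming question raised in this thread, shown as an added example that is not code from the pull request or from Node.js: a key-strength check that has to accept both a TLS certificate object and a public `KeyObject`. It assumes Node.js 15.7 or later, the certificate fields `bits`, `modulus`, `asn1Curve` and `nistCurve` from the Node.js `tls` documentation, and `asymmetricKeyType` / `asymmetricKeyDetails` on `KeyObject`; none of these names appear in the thread, and the helper names, policy and sample objects are hypothetical.

```javascript
const crypto = require('node:crypto');

// OpenSSL curve names (reported by KeyObject) -> NIST names (reported by cert objects).
const NIST_BY_ASN1 = { prime256v1: 'P-256', secp384r1: 'P-384', secp521r1: 'P-521' };

// Constructed policy for this example.
const POLICY = { rsaMinBits: 2048, curves: ['P-256', 'P-384', 'P-521'] };

// Normalize a certificate object of the shape tls.getPeerCertificate() returns.
function describeCertKey(cert) {
  if (cert.asn1Curve || cert.nistCurve) {
    const curve = cert.nistCurve || NIST_BY_ASN1[cert.asn1Curve] || null;
    return { type: 'ec', bits: cert.bits ?? null, curve };
  }
  if (cert.modulus) return { type: 'rsa', bits: cert.bits ?? null, curve: null };
  return { type: 'unknown', bits: null, curve: null };
}

// Normalize a public KeyObject; it uses different property names for the same facts.
function describeKeyObject(key) {
  const details = key.asymmetricKeyDetails || {};
  if (key.asymmetricKeyType === 'ec') {
    const curve = NIST_BY_ASN1[details.namedCurve] || null;
    // For the NIST prime curves the key size is the number in the name.
    return { type: 'ec', bits: curve ? Number(curve.slice(2)) : null, curve };
  }
  if (key.asymmetricKeyType === 'rsa') {
    return { type: 'rsa', bits: details.modulusLength ?? null, curve: null };
  }
  return { type: 'unknown', bits: null, curve: null };
}

// Fail closed: unknown key types and curves without an allowed NIST name are rejected.
function meetsPolicy(k) {
  if (k.type === 'rsa') return k.bits >= POLICY.rsaMinBits;
  if (k.type === 'ec') return POLICY.curves.includes(k.curve);
  return false;
}

// Constructed certificate objects (only the fields the check reads).
const SAMPLE_CERTS = {
  ecP256: { bits: 256, asn1Curve: 'prime256v1', nistCurve: 'P-256' },
  ecNoNistName: { bits: 256, asn1Curve: 'secp256k1' },
  rsaWeak: { bits: 1024, modulus: 'C0FFEE', exponent: '0x10001' },
};
```

With aligned property names on both objects, the two `describe*` functions would collapse into one.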