Make SAN optional and move it to Instance #22

Open
sergiopozoh opened this issue Mar 5, 2021 · 2 comments
sergiopozoh commented Mar 5, 2021

Proposed changes

  • SAN must be made optional. It is also worth considering whether we should move it to Instance, as right now it is at the FederatedService level.

Reasons

  • Hamlet now supports cleartext protocols, but SAN is still mandatory.

Alternatives

  • Leave SAN in FederatedService. Feels unnatural. Even so, the implementor agent can always fill the array with all the valid SANs. How to select the right one for each Instance would be the challenge (assuming each Instance has its own cert with a single-value SAN).
  • Put SAN in Instance. We are assuming that each Instance will present its own certificate with a single value in the SAN. Maybe this is the right thing to do, given that SNI is already at the Instance. Maybe all instances present the same certificate with a multi-value SAN.

sergiopozoh added this to the v1alpha2 milestone Mar 5, 2021

@sergiopozoh

@dkalani @venilnoronha thoughts?

@sergiopozoh

SAN is already optional in the spec document; it's only the protobuf comment that must be changed.
