On Tue, Mar 3, 2020, at 18:10, Paul Yang wrote:
> In such a case, it's possible to utilize delegated credentials to
> substitute X.509 certificate in the 'inner' service mesh communication,
> but we found something is missing in current structure of the
> definition of the 'Credential'. In service mesh case, all the services
> share one same domain name, but with different sub-identifiers, for
> instance, one would like to issue a credential for
> 'inner-service-A-at-a.com' and 'inner-service-B-at-a.com' by using the
> X.509 certificate with CommonName 'a.com'. So we'd like to propose to
> add an extra field in the 'Credential' structure to resolve this issue
> as follows:

Hi Paul,

As the delegated credential chains to an EE certificate, why is the information in that certificate not usable by the relying party?

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls