Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Begin issuing certificates with IP Address identifiers #7311

Open
11 tasks
aarongable opened this issue Feb 6, 2024 · 4 comments
Open
11 tasks

Begin issuing certificates with IP Address identifiers #7311

aarongable opened this issue Feb 6, 2024 · 4 comments
Labels
area/ca area/ra area/sa area/va area/wfe blocked

Comments

@aarongable
Copy link
Contributor

aarongable commented Feb 6, 2024
edited
Loading

This bug is an umbrella/tracking bug, acting as a one-stop-shop to see progress on the multiple sub-tasks necessary to achieve this 2024 OKR.

We intend to support IP Address identifiers only in short-lived certificates.

Prerequisities:

Subtasks:
@orangepizza orangepizza mentioned this issue Feb 7, 2024
Closed
@Manouchehri
Copy link

Is there any planned target date for this? =)

@aarongable
Copy link
Contributor Author

While we do have internal goals, we do not have a date that we are willing to commit to in public, sorry.

@Manouchehri
Copy link

No worries, I’m just excited!

@Tyrasuki
Copy link

Perhaps a trivial question, but I assume this would include IPv6 address identifiers?

@aarongable aarongable mentioned this issue Aug 29, 2024
Merged
jsha pushed a commit that referenced this issue Aug 30, 2024
@aarongable
Lay the groundwork for supporting IP identifiers (#7692)
dad9e08 
Clean up how we handle identifiers throughout the Boulder codebase by
- moving the Identifier protobuf message definition from sa.proto to
core.proto;
- adding support for IP identifier to the "identifier" package;
- renaming the "identifier" package's exported names to be clearer; and
- ensuring we use the identifier package's helper functions everywhere
we can.

This will make future work to actually respect identifier types (such as
in Authorization and Order protobuf messages) simpler and easier to
review.

Part of #7311
jprenken added a commit that referenced this issue Jan 21, 2025
@jprenken
Add Identifiers to Authorization & Order structs
e8ebb38 
Add `identifier` fields, which will soon replace the `dnsName` fields, to:
- `corepb.Authorization`
- `corepb.Order`
- `rapb.NewOrderRequest`
- `sapb.CountFQDNSetsRequest`
- `sapb.CountInvalidAuthorizationsRequest`
- `sapb.FQDNSetExistsRequest`
- `sapb.GetAuthorizationsRequest`
- `sapb.GetOrderForNamesRequest`
- `sapb.GetValidAuthorizationsRequest`
- `sapb.NewOrderRequest`

Populate these `identifier` fields in every function that creates instances of these structs.

Preferentially use these `identifier` fields in every function that uses these structs - but when crossing component boundaries, don't assume they'll be present, for deployability's sake.

Part of #7311
@jprenken jprenken mentioned this issue Jan 21, 2025
Draft
@aarongable aarongable mentioned this issue Jan 25, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/ca area/ra area/sa area/va area/wfe blocked
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@aarongable @Manouchehri @Tyrasuki