the certs generated are defined in rfd 303
permslip already has such a mechanism that was prototyped here but I think the branch got deleted so we should crib from permslip
We've gotta be able to oks ca init such a CA which requires bootstrapping whatever persistent metadata we need. The current implementation does so for an openssl ca but whether or not we should maintain backward compatibility is an open question.
the certs generated are defined in rfd 303
permslip already has such a mechanism that was prototyped here but I think the branch got deleted so we should crib from permslip
We've gotta be able to
oks ca initsuch a CA which requires bootstrapping whatever persistent metadata we need. The current implementation does so for an openssl ca but whether or not we should maintain backward compatibility is an open question.