petkivim
commented
6 years ago All the issues from the Joint Development backlog are transferred to new X-Road backlog. Before enhancement requests are accepted to the backlog they are evaluated by the Working Group.
If this enhancement request is still valid, please sign up for an account first, and then submit it to the X-Road Service Desk. You will be notified by email once the Working Group has processed your request.
Affected components:
Affected documentation: Approved Certification Service Estimated delivery: - External reference: -
Problem It is clear what the "This CA can only be used for TLS" option means. It's not clear what the implication or use cases are. I understand messages traveling on the X-Road need to be signed, does this mean the signature services would come from a different CA? How would this work?
Regarding the CertificateProfileInfo implementation, I understand the SkKlass3CertificateProfileInfoProvider is meant to be used with SK.EE services. Looking at the code it seems that there's nothing specific to any country and I also found the EjbcaCertificateProfileInfoProvider, is this the provider other countries/implementations should be using? Given that we are in a different country, should we be creating our own implementation?
Acceptance criteria Add guidelines to help implementers decide on CA use and CertificateProfileInfo class implementation.