Closed kathrynfejer closed 5 years ago
I think this is fine for now (I agree with the change to have the genservercert randomly-generate a server id if not given one). However, having the client take the certificate, rather than just a server_id, may be a little strange, since we won't be doing that for TPM clients (we're currently just saving the server ID in TPM).
This touches on the long-standing issue of whether the server ID serves (pun intended) any purpose or if we should get rid of it. I would like to start this discussion in earnest, and potentially not require the client to provide the file, so I'm going to open an issue to start that discussion.
The point here is that we have to remember that with this change we now require a TPM-using-client to have a server ID, while a non-TPM-using-client has to have a server certificate. This should just be a short-term situation, until we resolve the status of the server ID.
Given that we're removing the server ID, can you remove the parts of this PR that affect the server id? We can then go ahead and merge this, then do the work to remove the server ID stuff.
server_id was a requirement of both the client and genservercert. In order to get rid of server_id.bin, I changed the client code to accept the server_cert as input and find the randomly generated server_id from the server's certificate.

Fixes #81