Certificate Improvement Development Plan
This work has several goals
- Validate server keys on clients (done)
- Validate discrete client keys on server
- Allow explicit bootstrapping mode
The list of tasks
- Change src/Client/Proxy.py to use tlslite (done)
- Implement client fingerprint checking (done)
- Implement bcfg2-admin fingerprint (done)
- Implement auto-generation of bcfg2.conf (including fingerprint and per-client password) (done)
- Reimplement client side bindaddress choice
- Implement multi-auth system for per-client password choice
- document the new system
