I've seen someone try to do
network create -addr xxx -username xxx -certfp cafebabecafebabe
to connect to a network using an existing certfp they had generated for
a different network. However, it seems that this “-certfp” flag is
unrelated and used to provide the fingerprint of a server's self-signed
TLS certificate. This introduces confusion with the certfp used to log
in. Would you consider renaming this flag?
On Tuesday, January 2nd, 2024 at 11:57, Vlad-Stefan Harbuz <vlad@vladh.net> wrote:
> I've seen someone try to do
>
> network create -addr xxx -username xxx -certfp cafebabecafebabe
>
> to connect to a network using an existing certfp they had generated for
> a different network. However, it seems that this “-certfp” flag is
> unrelated and used to provide the fingerprint of a server's self-signed
> TLS certificate. This introduces confusion with the certfp used to log
> in. Would you consider renaming this flag?
"certfp" here just means "certificate fingerprint", both sides of the
connection may send a certificate. Note, this isn't the same as the
public key fingerprint.
I'm not against renaming, but do you have a suggestion for a replacement?
On Thu Jan 4, 2024 at 7:45 AM GMT, Simon Ser wrote:
> "certfp" here just means "certificate fingerprint", both sides of the
> connection may send a certificate. Note, this isn't the same as the
> public key fingerprint.
>
> I'm not against renaming, but do you have a suggestion for a replacement?
Perhaps server-certfp, as in, the fingerprint of the server's
certificate, as opposed to that of the client's certificate? And perhaps
adding a note clarifying this to that option's documentation would also
be beneficial?