I was thinking about the funcd->certmaster interaction this weekend and the problem we have with the local hostname that the system gets being nothing the certmaster can really use or care about sensibly - for example: somehostname.localdomain. It ends up meaning we have a system which can get a signed cert but which we cannot connect to from the certmaster using func, b/c we don't have a connectable hostname.

With that in mind I was wondering if it wouldn't make sense to have the funcd->certmaster interaction be more involved:

funcd -> startup
funcd -> knock, knock, certmaster
funcd -> who am I?
certmaster -> I see you as foo.bar.org
funcd -> here's my csr for foo.bar.org
certmaster -> thanks

later, after the sysadmin signs the csr:

funcd -> knock, knock, certmaster
funcd -> who am I?
certmaster -> I see you as foo.bar.org
funcd -> here's my csr for foo.bar.org
certmaster -> yes, good, here's the cert for you, foo.bar.org.
funcd -> great, we're done.

That way we know that the ip/name that the certmaster is seeing on the connect is the same one that funcd is using in its cert.

Now, the obvious problem here is NAT - but that was going to be a problem anyway afaik.

Thoughts on this?
-sv
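The two-round exchange proposed above, modelled as an added example (not func or certmaster code): the certmaster names the client only from the address it sees on the connection, and refuses any CSR whose subject differs from that name; the reverse lookup table, addresses and the CSR/cert records are constructed stand-ins.

```python
"""Model of the proposed funcd <-> certmaster enrolment exchange.

The certmaster decides the name from the address it sees, the client
requests a CSR only for that name, and the certmaster refuses any CSR whose
subject does not match its own view. Everything here is a constructed toy:
no real DNS, keys or X.509.
"""
import hashlib

# Constructed reverse lookup the certmaster trusts (stand-in for PTR/DNS).
SEEN_AS = {"192.0.2.10": "foo.bar.org", "192.0.2.11": "db1.bar.org"}


class CertMaster:
    def __init__(self, lookup=SEEN_AS):
        self.lookup = lookup
        self.pending = {}   # name -> csr awaiting the sysadmin
        self.signed = {}    # name -> cert

    def who_am_i(self, peer_ip):
        """Answer 'I see you as ...' from the connecting address only."""
        return self.lookup.get(peer_ip)

    def submit_csr(self, peer_ip, csr):
        """Accept a CSR only if its subject is the name we see the peer as.
        Returns the cert once the sysadmin has signed it, else None."""
        seen = self.who_am_i(peer_ip)
        if seen is None or csr["subject"] != seen:
            raise ValueError("CSR subject %r != observed name %r"
                             % (csr["subject"], seen))
        cert = self.signed.get(seen)
        if cert is not None:
            if cert["pubkey"] != csr["pubkey"]:
                raise ValueError("signed cert for %s is for another key" % seen)
            return cert
        self.pending[seen] = csr
        return None

    def admin_sign(self, name):
        """Sysadmin step: turn a pending CSR into a cert (toy signature)."""
        csr = self.pending.pop(name)
        sig = hashlib.sha256(("%s|%s" % (name, csr["pubkey"])).encode()).hexdigest()
        self.signed[name] = {"subject": name, "pubkey": csr["pubkey"], "sig": sig}
        return self.signed[name]


def funcd_enroll(master, my_ip, pubkey):
    """One funcd startup round: ask who I am, then send a CSR for that name."""
    name = master.who_am_i(my_ip)
    if name is None:
        raise RuntimeError("certmaster cannot name %s; not enrolling" % my_ip)
    return name, master.submit_csr(my_ip, {"subject": name, "pubkey": pubkey})
```

Run funcd_enroll once before and once after admin_sign to see the first round park the CSR and the second round hand back the cert; a CSR for somehostname.localdomain is rejected because it never matches the observed name.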