Hi All, At a previous OpenStack Security Project IRC meeting, we briefly discussed a lightweight traditional PKI using the Anchor validation functionality, for use in internal deployments, as an alternative to things like MS ADCS. To take this further, I have drafted a spec, which is in the security-specs repo, and would appreciate feedback: https://review.openstack.org/#/c/231955/ Regards Doug