[
https://issues.apache.org/jira/browse/HDDS-7333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
István Fajth updated HDDS-7333:
-------------------------------
Description:
Our current code contains parts of the implementation that was driven by the
design doc in HDDS-2731. In the documentation in HDDS-7331 it is discussed why
an other approach is more beneficial for us.
The goals here are based on the new proposed approach:
- create CRL distribution endpoint in SCMs
- add cRLDistributionPoints property to our internal certificates
- internalize the revocation logic inside SCMs
- add CLI for certificate revocation
- integrate certificate revocation check based on the CRL distribution points
where needed
- handle renewal, revoke and remove old certificate
was:
Our current code contains parts of the implementation that was driven by the
design doc in HDDS-2731. In the documentation in HDDS-7331 it is discussed why
an other approach is more beneficial for us.
The goals here are based on the new proposed approach:
- create CRL distribution endpoint in SCMs
- add cRLDistributionPoints property to our internal certificates
- internalize the revocation logic inside SCMs
- add CLI for certificate revocation
- integrate certificate revocation check based on the CRL distribution points
where needed
- handle old certificate replacement
> Implement support for certificate revocation
> --------------------------------------------
>
> Key: HDDS-7333
> URL: https://issues.apache.org/jira/browse/HDDS-7333
> Project: Apache Ozone
> Issue Type: Improvement
> Components: Security
> Reporter: István Fajth
> Assignee: István Fajth
> Priority: Major
> Labels: certificate_revocation, pki
>
> Our current code contains parts of the implementation that was driven by the
> design doc in HDDS-2731. In the documentation in HDDS-7331 it is discussed
> why an other approach is more beneficial for us.
> The goals here are based on the new proposed approach:
> - create CRL distribution endpoint in SCMs
> - add cRLDistributionPoints property to our internal certificates
> - internalize the revocation logic inside SCMs
> - add CLI for certificate revocation
> - integrate certificate revocation check based on the CRL distribution points
> where needed
> - handle renewal, revoke and remove old certificate
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
