[jira] [Updated] (HDDS-7385) Create a CRL endpoint in SCM

Mon, 24 Oct 2022 02:58:05 -0700 


     [ 
https://issues.apache.org/jira/browse/HDDS-7385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

István Fajth updated HDDS-7385:
-------------------------------
    Description: 
As discussed in [RFC-5280|https://www.rfc-editor.org/rfc/rfc5280.html], 
certificates can contain a cRLDistributionPoint definition, with which it is 
possible to direct the SSL clients to a web endpoint where the CRL is published.
In order to let all clients be notified the standard way about certificate 
revocation, SCM(s) should publish the actual CRL via their web interface, so 
that revocation checks can happen as discussed in the RFC from every client.

The aim here to provide the CRL as is based on the available information, the 
correctness and consistency of the information will be ensured by HDDS-7387

  was:
As discussed in [RFC-5280|https://www.rfc-editor.org/rfc/rfc5280.html], 
certificates can contain a cRLDistributionPoint definition, with which it is 
possible to direct the SSL clients to a web endpoint where the CRL is published.
In order to let all clients be notified the standard way about certificate 
revocation, SCM(s) should publish the actual CRL via their web interface, so 
that revocation checks can happen as discussed in the RFC from every client.


> Create a CRL endpoint in SCM
> ----------------------------
>
>                 Key: HDDS-7385
>                 URL: https://issues.apache.org/jira/browse/HDDS-7385
>             Project: Apache Ozone
>          Issue Type: Sub-task
>            Reporter: István Fajth
>            Assignee: István Fajth
>            Priority: Major
>
> As discussed in [RFC-5280|https://www.rfc-editor.org/rfc/rfc5280.html], 
> certificates can contain a cRLDistributionPoint definition, with which it is 
> possible to direct the SSL clients to a web endpoint where the CRL is 
> published.
> In order to let all clients be notified the standard way about certificate 
> revocation, SCM(s) should publish the actual CRL via their web interface, so 
> that revocation checks can happen as discussed in the RFC from every client.
> The aim here to provide the CRL as is based on the available information, the 
> correctness and consistency of the information will be ensured by HDDS-7387



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to