Hi Oli, I hope you are talking about 0.9.2.x.
Oliver Welter wrote:
> There was a serious question appearing on the users list... What happens in this scenario, using network-based dataexchange (scp):
0. I think you mean "export" with "enroll" - right? I assume additionally that no other action takes place during this situation.
> CA Op 1 issues some certs and enrolls them
The dataexchange archive includes the certs of CA Op 1.
> CA Op 2 issues some certs and enrolls them
The dataexchange archive includes the certs of CA Op 1 and CA Op 2.
> RA Op now downloads the dataexchange files
The RA Op receives a file with certs of both admins.
> I guess RA will receive the file from the second enrollment,
Yes.
> will this one contain the certificates from BOTH CA Operators? Or only the ones from the second one?
It contains the certs from both admins.
> What if Op 1 issues a new CRL? Will this get distributed?
Yes.
> If I am right, we have a serious bug :(
No :) You see I like short answers but perhaps a small explanation is a good idea. OpenCA exports an object until it gets a commit from the receiving node. This means in your case that OpenCA exports every cert from the CA node until it gets a commit for the cert from the receiving RA node. This happens if you export some data from the RA node to the CA node. It is a nice feature of our incremental dataexchange. Media loss is no problem at all - only the performance is a problem in 0.9.2.
Michael
--
Michael Bell
Humboldt-Universitaet zu Berlin
ZE Computer- und Medienservice
Unter den Linden 6
D-10099 Berlin
Tel.: +49 (0)30-2093 2482
Fax: +49 (0)30-2093 2704
[EMAIL PROTECTED]
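The export-until-commit behaviour described in the reply above, as an added example that is not part of the original message and is not OpenCA code: a toy Python model of the scenario from the thread. All class, method and object names are hypothetical, and the payloads are constructed placeholders.

```python
# Added illustration: a toy model of commit-based incremental export.
# Names are hypothetical and do not correspond to OpenCA's own code.

class ExportingNode:
    """Node that keeps exporting each object until the peer commits it."""

    def __init__(self):
        self.objects = {}        # object id -> payload (cert, CRL, ...)
        self.committed = set()   # ids the receiving node has acknowledged

    def issue(self, obj_id, payload):
        self.objects[obj_id] = payload

    def export_archive(self):
        # Every uncommitted object goes into every archive, so a lost or
        # overwritten archive never loses data.
        return {i: p for i, p in self.objects.items()
                if i not in self.committed}

    def import_commits(self, commits):
        # Accept commits only for objects this node actually holds.
        self.committed |= set(commits) & set(self.objects)


class ReceivingNode:
    def __init__(self):
        self.store = {}

    def import_archive(self, archive):
        # Import is idempotent: a re-delivered object just overwrites itself.
        self.store.update(archive)

    def export_commits(self):
        # Travels back with the next export from this node to the sender.
        return set(self.store)


def run_scenario():
    ca, ra = ExportingNode(), ReceivingNode()
    ca.issue("cert-op1-a", "constructed cert data")
    first = ca.export_archive()             # CA Op 1 exports; RA never fetches it
    ca.issue("cert-op2-a", "constructed cert data")
    ca.issue("crl-1", "constructed CRL data")
    second = ca.export_archive()            # CA Op 2 exports, replacing the archive
    ra.import_archive(second)               # RA Op downloads only the latest one
    ca.import_commits(ra.export_commits())  # RA -> CA exchange carries commits
    ca.issue("cert-op1-b", "constructed cert data")
    third = ca.export_archive()             # only the uncommitted object remains
    return sorted(first), sorted(second), sorted(ra.store), sorted(third)
```

The archive grows with every export until commits arrive, which is the performance cost the reply mentions for 0.9.2.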
