I would recommend supporting CRLs, OCSP, and SCVP if you can manage it.
Don't deprecate CRLs though, that would be asking for trouble.

Trevor

On 10/16/2011 08:37 PM, [email protected] wrote:
>
> Issue #10111 has been reported by Nigel Kersten.
>
> ----------------------------------------
> Feature #10111: Puppet should deprecate the use of CRLs and move towards OCSP
> https://projects.puppetlabs.com/issues/10111
>
> Author: Nigel Kersten
> Status: Investigating
> Priority: Normal
> Assignee:
> Category: SSL
> Target version:
> Affected Puppet version:
> Keywords:
> Branch:
>
>
> OCSP: <http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol>
>
> OCSP scales significantly better and we should consider it in Puppet.
>
> We need to investigate whether Ruby/SSL allows us to use a nonce with the
> OCSP request, otherwise we may open ourselves up to replay attacks.
>

-- 
Trevor Vaughan
Vice President, Onyx Point, Inc.
email: [email protected]
phone: 410-541-ONYX (6699)
pgp: 0x6C701E94

-- This account not approved for unencrypted sensitive information --
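On the nonce question raised in the quoted issue: the following is an added example, not part of the original message and not Puppet code. It uses the nonce methods in Ruby's standard `openssl` library on constructed, unsigned OCSP objects; the helper names and the strict accept-only-on-match policy are assumptions made for illustration.

```ruby
require "openssl"

# Result codes of OpenSSL::OCSP::Request#check_nonce, per the Ruby openssl docs.
NONCE_RESULTS = {
  -1 => :nonce_in_request_only,
   0 => :nonce_mismatch,
   1 => :nonce_match,
   2 => :no_nonces,
   3 => :nonce_in_response_only
}.freeze

# Hypothetical helper: symbolic name for the nonce comparison outcome.
def nonce_status(request, basic_response)
  NONCE_RESULTS.fetch(request.check_nonce(basic_response))
end

# Hypothetical strict policy: the client always sends a nonce, so only an
# identical echoed nonce shows the response was generated for this request.
def fresh_response?(request, basic_response)
  request.check_nonce(basic_response) == 1
end

# Constructed objects only: no certificates or signatures are involved, so
# this exercises nonce handling and nothing else. A real client must also
# verify the response signature and the status of the certificate ID.
def demo
  request = OpenSSL::OCSP::Request.new
  request.add_nonce                          # random nonce for this exchange

  honest = OpenSSL::OCSP::BasicResponse.new
  honest.copy_nonce(request)                 # responder echoes our nonce

  # A response recorded from an earlier exchange carries that exchange's nonce.
  earlier_request = OpenSSL::OCSP::Request.new
  earlier_request.add_nonce
  replayed = OpenSSL::OCSP::BasicResponse.new
  replayed.copy_nonce(earlier_request)

  nonceless = OpenSSL::OCSP::BasicResponse.new   # responder that ignores nonces

  {
    honest:    nonce_status(request, honest),
    replayed:  nonce_status(request, replayed),
    nonceless: nonce_status(request, nonceless)
  }
end

p demo if $PROGRAM_NAME == __FILE__
```

A responder that never echoes nonces yields `:nonce_in_request_only`, which the strict policy rejects; a client that has to accept such responders loses nonce-based replay protection and is left relying on the response's validity window.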
