Issue #10111 has been updated by Daniel Pittman. Target version set to Telly
Brice, this looks pretty awesome. It has taken a while to get to looking at, so a couple of things: Can you retarget this at master - this is way too big a change to introduce in a stable release, but it looks like a great feature to add. How mature do you think this is? You note that you didn't test a Passenger based setup, and that you don't cache the CRL. How significant do you think those issues are? Is this a mature commit that just needs some testing, or do you think that we are likely to uncover bugs in testing it? Finally, do you have a sketch for how we could test that this feature works at a high level? What are the edge cases we should be validating? With those answers, and a branch targetted at master, I am happy to take this and get it in place for Telly. ---------------------------------------- Feature #10111: Puppet should deprecate the use of CRLs and move towards OCSP https://projects.puppetlabs.com/issues/10111 Author: Nigel Kersten Status: In Topic Branch Pending Review Priority: Normal Assignee: Brice Figureau Category: SSL Target version: Telly Affected Puppet version: Keywords: Branch: https://github.com/puppetlabs/puppet/pull/233 OCSP: <http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol> OCSP scales significantly better and we should consider it in Puppet. We need to investigate whether Ruby/SSL allows us to use a nonce with the OCSP request, otherwise we may open ourselves up to replay attacks. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
