Issue #10111 has been updated by Daniel Pittman.
Brice Figureau wrote: > Daniel Pittman wrote: > > Brice, this looks pretty awesome. It has taken a while to get to looking > > at, so a couple of things: > > > > Can you retarget this at master - this is way too big a change to introduce > > in a stable release, but it looks like a great feature to add. > > No problem. I will do that ASAP. It was my intention to target Telly anyway. Awesome. Thanks for those details; that is more or less the answers I expected, which is great. Before it lands we will absolutely be doing a thorough code review, and thank you very much for implementing this. ---------------------------------------- Feature #10111: Puppet should deprecate the use of CRLs and move towards OCSP https://projects.puppetlabs.com/issues/10111 Author: Nigel Kersten Status: In Topic Branch Pending Review Priority: Normal Assignee: Brice Figureau Category: SSL Target version: Telly Affected Puppet version: Keywords: Branch: https://github.com/puppetlabs/puppet/pull/233 OCSP: <http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol> OCSP scales significantly better and we should consider it in Puppet. We need to investigate whether Ruby/SSL allows us to use a nonce with the OCSP request, otherwise we may open ourselves up to replay attacks. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
