On Fri, Apr 22, 2016 at 07:50:06PM -0400, John Magne wrote:
> I took a look at the stuff alee asked for.
>
> CFU even took a quick look when I asked her a couple of questions.
> She was unsure of something (as was I) and she would like to be able
> to take a closer look next week. I will give my
thm().equals("EC")
> +? PrivateKey.Type.EC
> +: PrivateKey.Type.RSA;
> +return wrapper.unwrapPrivate(encPrivKey.getBits(), keyType, pubkey);
> + }
>
>
> ----- Original Message -
> > From: "Fraser Tweedale" <f
redhat.com>
> To: "Ade Lee" <a...@redhat.com>
> Cc: pki-devel@redhat.com
> Sent: Wednesday, April 20, 2016 9:58:54 PM
> Subject: Re: [Pki-devel] [PATCH] 0084..0086 Lightweight CA replication
> support
>
> Thanks Ade. Updated patch 0096 attached. Comments in
ACK on latest 96 and 99.
I will ask cfu or jmagne to look at the KeyRetrieveRunner logic today.
Ade
On Thu, 2016-04-21 at 14:58 +1000, Fraser Tweedale wrote:
> Thanks Ade. Updated patch 0096 attached. Comments inline.
>
> On Wed, Apr 20, 2016 at 11:30:52AM -0400, Ade Lee wrote:
> >
Thanks Ade. Updated patch 0096 attached. Comments inline.
On Wed, Apr 20, 2016 at 11:30:52AM -0400, Ade Lee wrote:
> Comments:
>
> 95 - ack
>
> 96 -
>
> 1. You have made the return type of initSigUnit() to be boolean.
> Should you be checking the return value in init()?
>
It is not needed
Comments:
95 - ack
96 -
1. You have made the return type of initSigUnit() to be boolean.
Should you be checking the return value in init()?
2. In addInstanceToAuthorityKeyHosts(), you are still using only the
hostname. Should be host:port
3. The logic in the KeyRetrieverRunner class looks
Both issues addressed in latest patchset. Two new patches in the
mix; the order is:
0095-4, 0098, 0099, 0096-4, 0097-3 (tip)
I also added another attribute to schema for the authority
certificate serial number. It is not used in current code but I
have a hunch it may be needed for renewal,
On Thu, Apr 14, 2016 at 05:34:45PM -0400, Ade Lee wrote:
> Couple of points on 96/97.
>
> 1. First off, I'm not sure you followed my concern about being able to
> distinguish between CA instances.
>
> On an IPA system, this is not an issue because there is only one CA on
> the server. In this
Couple of points on 96/97.
1. First off, I'm not sure you followed my concern about being able to
distinguish between CA instances.
On an IPA system, this is not an issue because there is only one CA on
the server. In this case, I imagine there will be a well known
directory which custodia
On Thu, Apr 14, 2016 at 09:04:31AM +1000, Fraser Tweedale wrote:
> On Wed, Apr 13, 2016 at 05:26:44PM -0400, Ade Lee wrote:
> > Still reviewing ..
> >
> > See comment on 87. ACK on 88,89,90,91,92,93, 94, 95.
> >
> > Ade
> >
> > On Mon, 2016-04-11 at 12:32 +1000, Fraser Tweedale wrote:
> > >
On Wed, Apr 13, 2016 at 05:26:44PM -0400, Ade Lee wrote:
> Still reviewing ..
>
> See comment on 87. ACK on 88,89,90,91,92,93, 94, 95.
>
> Ade
>
> On Mon, 2016-04-11 at 12:32 +1000, Fraser Tweedale wrote:
> > Thanks for review, Ade. Comments to specific feedback inline.
> > Rebased and
96-2 looks like it does not apply. Please rebase .
On Mon, 2016-04-11 at 12:32 +1000, Fraser Tweedale wrote:
> Thanks for review, Ade. Comments to specific feedback inline.
> Rebased and updated patches attached. The substantive changes are:
>
> - KeyRetriever implementations are now required
Still reviewing ..
See comment on 87. ACK on 88,89,90,91,92,93, 94, 95.
Ade
On Mon, 2016-04-11 at 12:32 +1000, Fraser Tweedale wrote:
> Thanks for review, Ade. Comments to specific feedback inline.
> Rebased and updated patches attached. The substantive changes are:
>
> - KeyRetriever
A few comments.
1. One of the first things that struck me as odd was making
CertificateAuthority implement Runnable. I think it would be cleaner
to have a static inner class called AuthorityMonitor or similar to
which we pass in the CertificateAuthority.
2. I do like the fact that the caMap
Hi all,
The attached patches implement replication support for lightweight
CAs. These patches do not implement key replication via Custodia
(my next task) but they do implement the persistent search thread
and appropriate** API behaviour when the signing keys are not yet
available.
** In most
15 matches
Mail list logo