You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "István Fajth (Jira)" <ji...@apache.org> on 2022/10/24 09:58:00 UTC

[jira] [Updated] (HDDS-7385) Create a CRL endpoint in SCM

     [ https://issues.apache.org/jira/browse/HDDS-7385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

István Fajth updated HDDS-7385:
-------------------------------
    Description: 
As discussed in [RFC-5280|https://www.rfc-editor.org/rfc/rfc5280.html], certificates can contain a cRLDistributionPoint definition, with which it is possible to direct the SSL clients to a web endpoint where the CRL is published.
In order to let all clients be notified the standard way about certificate revocation, SCM(s) should publish the actual CRL via their web interface, so that revocation checks can happen as discussed in the RFC from every client.

The aim here to provide the CRL as is based on the available information, the correctness and consistency of the information will be ensured by HDDS-7387

  was:
As discussed in [RFC-5280|https://www.rfc-editor.org/rfc/rfc5280.html], certificates can contain a cRLDistributionPoint definition, with which it is possible to direct the SSL clients to a web endpoint where the CRL is published.
In order to let all clients be notified the standard way about certificate revocation, SCM(s) should publish the actual CRL via their web interface, so that revocation checks can happen as discussed in the RFC from every client.


> Create a CRL endpoint in SCM
> ----------------------------
>
>                 Key: HDDS-7385
>                 URL: https://issues.apache.org/jira/browse/HDDS-7385
>             Project: Apache Ozone
>          Issue Type: Sub-task
>            Reporter: István Fajth
>            Assignee: István Fajth
>            Priority: Major
>
> As discussed in [RFC-5280|https://www.rfc-editor.org/rfc/rfc5280.html], certificates can contain a cRLDistributionPoint definition, with which it is possible to direct the SSL clients to a web endpoint where the CRL is published.
> In order to let all clients be notified the standard way about certificate revocation, SCM(s) should publish the actual CRL via their web interface, so that revocation checks can happen as discussed in the RFC from every client.
> The aim here to provide the CRL as is based on the available information, the correctness and consistency of the information will be ensured by HDDS-7387



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org