You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/11/11 15:42:56 UTC

[GitHub] [pulsar] alexku7 opened a new issue #8525: Certificate and Token revocation

alexku7 opened a new issue #8525:
URL: https://github.com/apache/pulsar/issues/8525


   **Is your feature request related to a problem? Please describe.**
   Currently the pulsar doesn't have an ability to check and ensure that the client certificates used for the authentication is not revoked, In case of compromised certificate , an attacker can't continue using the stolen certificate until its expiration date and the only solution here is to replace the whole CA 
   
   **Describe the solution you'd like**
   The Pulsar will have a flag  for example enableCRLChecking . When enabled, the Pulsar will verify the CRL list and ensure that the certificate is not revoked. 
   The same will be good to implement for the token based authentication.
   
   **Describe alternatives you've considered**
   No good and valid alternative exists todate in the pulsar
   
   **Additional context**
   Nope
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org