crl notes

svn path=/scripts/README; revision=1167
author: Rob Austein <sra@hactrn.net> 2007-10-17 20:36:46 +0000
committer: Rob Austein <sra@hactrn.net> 2007-10-17 20:36:46 +0000
commit: ad7ca140071827e106e96f4d8608bee2df2553ca (patch)
tree: ee6c1accb0facd5bd8a5f7494b7d65452350a3c5
parent: 56d0d598f53956dfc67ca095960ac8e7480854f9 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/scripts/README b/scripts/README
index d4a12ba2..39542d3f 100644
--- a/scripts/README
+++ b/scripts/README
@@ -21,7 +21,17 @@ To do list:
 
 - manifest generation
 
-- publication hooks into everything - need not wait for protocol, can just log what would happen for now
+- revocation and crl generation
+
+  - need to keep data on unexpired revoked certs to generate crl
+
+  - ever need to delay revocation of old certs to give their replacements time to propegate?
+
+  these two may imply that we need more fields in child_cert table to indicate whether a cert is dead,
+  eg, a date field which is NULL if the cert is still live, otherwise is the date after which it should be
+  in the crl
+
+- publication hooks everywhere - need not wait for protocol, can just log what would happen for now
 
   - cert publication
author	Rob Austein <sra@hactrn.net>	2007-10-17 20:36:46 +0000
committer	Rob Austein <sra@hactrn.net>	2007-10-17 20:36:46 +0000
commit	ad7ca140071827e106e96f4d8608bee2df2553ca (patch)
tree	ee6c1accb0facd5bd8a5f7494b7d65452350a3c5
parent	56d0d598f53956dfc67ca095960ac8e7480854f9 (diff)