Checkpoint

svn path=/scripts/rpki/sql.py; revision=1506
author: Rob Austein <sra@hactrn.net> 2008-01-25 22:50:03 +0000
committer: Rob Austein <sra@hactrn.net> 2008-01-25 22:50:03 +0000
commit: 7cc787ed194e6a0358e816a71ab96714e7c2b584 (patch)
tree: 06457cf70bf272148d44f05ff38f37df81a96a04 /scripts/rpki/sql.py
parent: dfb346bfb81a4ba951eb2bed4dca4a33fcf1f14b (diff)
1 files changed, 3 insertions, 5 deletions
diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py
index 33171ff0..cdab439f 100644
--- a/scripts/rpki/sql.py
+++ b/scripts/rpki/sql.py
@@ -377,16 +377,14 @@ class ca_obj(sql_persistant):
       whatever) issued by the old keypair.
 
     - Generate a final CRL, signed with the old keypair, listing all
-      the revoked certs, with a next CRL time after the last cert
-      signed by the old keypair will have expired.
+      the revoked certs, with a next CRL time after the last cert or
+      CRL signed by the old keypair will have expired.
 
     - Destroy old keypair.
 
     - Leave final CRL in place until its next CRL time has passed.
 
-    I have this vague recollection that there's some kind of n+1 issue
-    with CRL generation cycles, need to ask the X.509 guys whether
-    it's relevant here.
+
     """
 
     raise rpki.exceptions.NotImplementedYet
author	Rob Austein <sra@hactrn.net>	2008-01-25 22:50:03 +0000
committer	Rob Austein <sra@hactrn.net>	2008-01-25 22:50:03 +0000
commit	7cc787ed194e6a0358e816a71ab96714e7c2b584 (patch)
tree	06457cf70bf272148d44f05ff38f37df81a96a04 /scripts/rpki/sql.py
parent	dfb346bfb81a4ba951eb2bed4dca4a33fcf1f14b (diff)