author | Rob Austein <sra@hactrn.net> | 2007-11-15 21:51:23 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2007-11-15 21:51:23 +0000 |
commit | 6cf3c5cfc5be825f78a984dafd9f29ed7188e75f (patch) | |
tree | 70cac00f7ce097edf289635eabe7a24901260640 /scripts | |
parent | 44c568595080a3928548580d7ebeadf8a82dbce5 (diff) |
More revocation notes
svn path=/scripts/README; revision=1299
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/README | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/scripts/README b/scripts/README index bbf1fb52..d06dcc67 100644 --- a/scripts/README +++ b/scripts/README @@ -76,6 +76,19 @@ Current TO DO list: we do need the revoked state, I guess the timer becomes the delay until we can get rid of it entirely, or something like that. + For that matter, how do we, as child, even find out that a cert has + been revoked? + + a) We asked to have it revoked, duh. + + b) Parent reissued with same resource class and key, revoking the + old cert (oversize, or something). We have to detect this when + processing <list_response/> and probably also <issue_response/>, + and perform immediate reissue to any affected children, because + the old cert is no good anymore. + + In either case we're done with the old cert once it's been revoked. + - Publication protocol and implementation thereof. Defer until core functionality in the main engine is done. |
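Review bot: Item (b) in the added text says the child has to detect a parent-side reissue "when processing <list_response/> and probably also <issue_response/>", but it does not say what the child compares to notice it. Suggest spelling out the criterion, for example that the certificate returned for the same resource class and key differs from the one currently held, and settling whether <issue_response/> is in scope rather than leaving it at "probably". The closing sentence "In either case we're done with the old cert once it's been revoked" also reads as if it answers the open question in the unchanged context just above ("if we do need the revoked state, I guess the timer becomes the delay until we can get rid of it entirely"). If it does, say so there and drop the hedge; if not, note that the revoked-state question is still open. Finally, "(oversize, or something)" would be clearer with the actual condition spelled out, since that is what triggers the immediate reissue to affected children.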