From 7cc787ed194e6a0358e816a71ab96714e7c2b584 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Fri, 25 Jan 2008 22:50:03 +0000
Subject: Checkpoint

svn path=/scripts/rpki/sql.py; revision=1506
---
 scripts/rpki/sql.py | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'scripts/rpki/sql.py')

diff --git a/scripts/rpki/sql.py b/scripts/rpki/sql.py
index 33171ff0..cdab439f 100644
--- a/scripts/rpki/sql.py
+++ b/scripts/rpki/sql.py
@@ -377,16 +377,14 @@ class ca_obj(sql_persistant):
       whatever) issued by the old keypair.
 
     - Generate a final CRL, signed with the old keypair, listing all
-      the revoked certs, with a next CRL time after the last cert
-      signed by the old keypair will have expired.
+      the revoked certs, with a next CRL time after the last cert or
+      CRL signed by the old keypair will have expired.
 
     - Destroy old keypair.
 
     - Leave final CRL in place until its next CRL time has passed.
 
-    I have this vague recollection that there's some kind of n+1 issue
-    with CRL generation cycles, need to ask the X.509 guys whether
-    it's relevant here.
+
     """
 
     raise rpki.exceptions.NotImplementedYet
-- 
cgit v1.2.3