Ticket #635 (assigned task)

Opened 12 years ago

Last modified 9 years ago

[S] Support for Certificate Revocation Lists (CRLs)

Reported by: pjkersha
Owned by: pjkersha
Priority: desirable
Milestone: CMIP5 Security
Component: security
Version:
Keywords: Security, CRL, certificate, CA
Cc:

Description

Services verifying digital signatures or using SSL where NDG certs are used need to be able to check the NDG Simple CA's most up-to-date CRL to ensure certs used have not been revoked.

  • Valid clients need to be able to submit a cert to the Simple CA for revocation
  • Simple CA WS needs an operation to allow clients to access the latest CRL
  • How often should clients poll the Simple CA for a CRL update?

When a user is removed, an identity provider needs to be able to apply to the SimpleCA to revoke the cert and remove the cert/private from the MyProxy repository.

Should any of this be retained as manual operations?

Set milestone to PROD as unlikely to be able to complete all the above for alpha.

Change History

comment:1 Changed 12 years ago by pjkersha

  • Status changed from new to assigned

comment:2 Changed 12 years ago by selatham

  • Milestone changed from PROD to PROD Final

Will this be complete in NDG2?

comment:3 Changed 9 years ago by pjkersha

  • Milestone changed from NDG2 Cleanup to CMIP5 Security

This can be supported with ESG via MyProxy's trust root capability: for a given MyProxy server a set of CA certs, signing policies and CRLs can be pulled.
