István Fajth created HDDS-7334:
----------------------------------

             Summary: Rotation and revocation for CA certificates
                 Key: HDDS-7334
                 URL: https://issues.apache.org/jira/browse/HDDS-7334
             Project: Apache Ozone
          Issue Type: Improvement
          Components: Security
            Reporter: István Fajth
            Assignee: István Fajth


Once we have support for certificate revocation and renewal, we also need to
support revocation and renewal of CA certificates at any level.
In order to achieve this, we need to:
- implement rotation logic for subordinate CA certificates
- implement rotation of the root CA certificate (tricky, as there will be
periods of time during which more than one root CA is valid)
- implement revocation logic for CA certificates; this requires revoking all
certificates that inherit trust from this CA
- implement root CA revocation, which effectively means a possibly live
rebootstrap of the whole PKI, and the update of all the truststores used within
Ozone services



