  1. Puppet
  2. PUP-3180

Puppet should deprecate the use of CRLs and move towards OCSP

    Details

    • Type: New Feature
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      OCSP: <http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol>

      OCSP scales significantly better and we should consider it in Puppet.

      We need to investigate whether Ruby/SSL allows us to use a nonce with the OCSP request, otherwise we may open ourselves up to replay attacks.
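The nonce check raised in the description, as an added example that is not part of the original ticket or Puppet's code: Ruby's `openssl` library exposes `Request#add_nonce`, `BasicResponse#copy_nonce` and `Request#check_nonce`, and this sketch shows the client rejecting a replayed response. The CA, the agent certificate, the responder and all helper names are constructed for the illustration.

```ruby
require "openssl"

# Constructed throwaway CA and agent certificate (assumption, not Puppet's CA code).
def make_cert(cn, key, serial, issuer = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert("example-ca", CA_KEY, 1)
AGENT_CERT = make_cert("agent.example", OpenSSL::PKey::RSA.new(2048), 2, CA_CERT, CA_KEY)

# Client side: build a status request, optionally carrying a fresh random nonce.
def build_request(with_nonce: true)
  req = OpenSSL::OCSP::Request.new
  req.add_certid(OpenSSL::OCSP::CertificateId.new(AGENT_CERT, CA_CERT))
  req.add_nonce if with_nonce
  req
end

# Hypothetical responder: answers "good", echoes the nonce if asked, signs, encodes.
def respond(request_der, echo_nonce: true)
  req = OpenSSL::OCSP::Request.new(request_der)
  basic = OpenSSL::OCSP::BasicResponse.new
  req.certid.each do |cid|
    basic.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, 0, nil, 0, 3600, [])
  end
  basic.copy_nonce(req) if echo_nonce
  basic.sign(CA_CERT, CA_KEY, nil, 0, "SHA256")
  OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, basic).to_der
end

# Client side: 1 = nonces match; 0 = both present but differ (replayed response);
# -1 = only the request had a nonce; 2 = neither side used one.
# A client that sent a nonce should accept only 1.
def nonce_result(request, response_der)
  request.check_nonce(OpenSSL::OCSP::Response.new(response_der).basic)
end
```

A responder that serves pre-signed responses cannot echo a nonce and yields -1, so a client that requires 1 must fall back to bounding freshness with the response's update times.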

            People

            • Assignee:
              Unassigned
              Reporter:
              redmine.exporter
            • Votes:
              4
              Watchers:
              7