  1. Puppet
  2. PUP-3180

Puppet should deprecate the use of CRLs and move towards OCSP


    Details

    • Type: New Feature
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Team:
      Froyo

      Description

      OCSP: <http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol>

      OCSP scales significantly better and we should consider it in Puppet.

      We need to investigate whether Ruby/SSL allows us to use a nonce with the OCSP request; otherwise we may open ourselves up to replay attacks.


            People

            Assignee:
            Unassigned
            Reporter:
            redmine.exporter
            Votes:
            4
            Watchers:
            7
