  1. Puppet
  2. PUP-3180

Puppet should deprecate the use of CRLs and move towards OCSP

    Details

    • Type: New Feature
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      OCSP: <http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol>

      OCSP scales significantly better and we should consider it in Puppet.

      We need to investigate whether Ruby/SSL allows us to use a nonce with the OCSP request; otherwise we may open ourselves up to replay attacks.
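Added example, not part of the ticket or of Puppet's code: Ruby's bundled openssl library provides `OpenSSL::OCSP::Request#add_nonce`, `BasicResponse#copy_nonce` and `Request#check_nonce`, and the code below uses them to show a captured response being rejected when it is replayed against a later request. The throwaway CA, the helper names (`build_request`, `respond`, `nonce_verdict`) and the use of the CA certificate as the certificate being checked are assumptions for the demo; signature verification with `BasicResponse#verify` is a separate step and is not shown.

```ruby
require "openssl"

# Constructed throwaway CA that also signs OCSP responses (demo assumption).
KEY = OpenSSL::PKey::RSA.new(2048)
CA = OpenSSL::X509::Certificate.new.tap do |c|
  c.serial = 1
  c.subject = c.issuer = OpenSSL::X509::Name.parse("/CN=Example Puppet CA")
  c.public_key = KEY
  c.not_before = Time.now - 60
  c.not_after = Time.now + 3600
  c.sign(KEY, OpenSSL::Digest.new("SHA256"))
end
# The CA certificate stands in for the certificate whose status is queried.
CID = OpenSSL::OCSP::CertificateId.new(CA, CA, OpenSSL::Digest.new("SHA256"))

# Client side: every request carries a fresh random nonce extension.
def build_request
  req = OpenSSL::OCSP::Request.new
  req.add_certid(CID)
  req.add_nonce
  req
end

# Responder side: signed "good" answer that echoes the request nonce
# unless echo_nonce is false (a responder without nonce support).
def respond(request_der, echo_nonce: true)
  req = OpenSSL::OCSP::Request.new(request_der)
  basic = OpenSSL::OCSP::BasicResponse.new
  basic.add_status(CID, OpenSSL::OCSP::V_CERTSTATUS_GOOD, 0, nil, -300, 500, [])
  basic.copy_nonce(req) if echo_nonce
  basic.sign(CA, KEY, nil, 0, "SHA256")
  OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, basic).to_der
end

# Client side: check_nonce returns 1 when the nonces match, 0 when both are
# present but differ (a replayed answer), -1 when only the request has one.
def nonce_verdict(request, response_der)
  basic = OpenSSL::OCSP::Response.new(response_der).basic
  case request.check_nonce(basic)
  when 1 then :fresh
  when 0 then :replayed
  when -1 then :no_nonce_in_response
  else :unexpected
  end
end

if __FILE__ == $PROGRAM_NAME
  first = build_request
  captured = respond(first.to_der)
  puts "original exchange: #{nonce_verdict(first, captured)}"
  puts "captured response replayed: #{nonce_verdict(build_request, captured)}"
end
```

A client that requires nonces has to treat `:no_nonce_in_response` as a failure too, since a response without a nonce can be replayed until its `nextUpdate` time passes.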

              People

              • Assignee: Unassigned
              • Reporter: redmine.exporter
              • Votes: 4
              • Watchers: 7