Hi Andrew,
Just a couple of questions/comments.
1. Please update to indicate that this will be targeted to 10.1.
2. As you noted, many of the steps around the generation and propagation
of the transport keys will be provided as manual steps for 10.1. It's
likely, though, that we will want to provide RESTful interfaces to do
these operations, perhaps in 10.2. Please create Trac tickets for this
- and we can triage accordingly.
3. If we have an old CA which communicates with a DRM, and it does not
supply a DRM certificate with the archival request, is there any way of
determining whether the transport cert used to encrypt the key is valid?
If it isn't, and there is no way of doing so, then we could end up
reporting success, when in fact the key would be indecipherable.
Ade
On Wed, 2013-09-11 at 15:12 -0700, Andrew Wnuk wrote:
Feature page for DRM transport key rotation has been added:
http://pki.fedoraproject.org/wiki/DRM_Transport_Key_Rotation
Please review and provide comments.
Thanks,
Andrew