On 06/08/2012 04:37 PM, Endi Sukma Dewata wrote:
On 6/8/2012 2:19 PM, Nathan Kinder wrote:
> On 06/08/2012 12:06 PM, Endi Sukma Dewata wrote:
>> On 6/8/2012 1:12 PM, Andrew Wnuk wrote:
>>> On 06/07/2012 02:04 PM, Endi Sukma Dewata wrote:
>>>> On 6/7/2012 11:38 AM, Andrew Wnuk wrote:
>>>>> On 06/07/2012 07:28 AM, Endi Sukma Dewata wrote:
>>>>>> The cert revocation CLI provides a tool to revoke and unrevoke
>>>>>> certificates.
>>>>>
>>>>> "unrevoke" is really inappropriate term. It suggests that
one could
>>>>> unrevoke any revoked certificate where is fact one can only take off
>>>>> hold certificates that are currently on hold.
>>>>
>>>> How about a "revoke" command for permanent revocation only,
and
>>>> separate "on-hold" and "off-hold" commands for
temporary revocation?
>>>> Any suggestions?
>>>>
>>> This is asymmetric case. "on-hold" is just one of many revocation
>>> reasons. Certificate can be taken off hold if it was revoked with
>>> "on-hold" reason. There are only two operations: certificate
>>> revocation
>>> and taking certificates off hold.
>>
>> The original "revoke" operation is partially asymmetric (permanent
>> revocation) and partially symmetric (temporarily on-hold). It might be
>> more intuitive to create a new "revoke" command that does asymmetric
>> operation only (no "unrevoke" operation) and separate
"on-hold" and
>> "off-hold" commands for the symmetric operations.
>>
>> If we only have "revoke" and "off-hold" only, people might
be
>> thinking, there's an "off-hold" command, so how do I
"hold" a cert? It
>> might not be very obvious that the "revoke" command has an
"on-hold"
>> option which behaves differently from the other revoke reasons.
>>
> I tend to agree from a pure CLI perspective. Behind the scenes,
> "on-hold" is really a revocation reason, but that doesn't mean we need
> to make the CLI use the exact same terminology.
>
> How about having "revoke", "on-hold", and "off-hold"
commands? We can
> still allow one to use the "revoke" command and specify the revocation
> reason as on-hold, which would be the equivalent of the "on-hold"
> command.
+1
Some other possibilities:
- revoke/hold/release
I like this one. Maybe even
"revoke/hold/release-hold"? Plain
"release" doesn't seem very descriptive on it's own. I think
"release-hold" is more clear.
- revoke/suspend/release
- revoke/enable/disable