Re: [Condor-users] SSL authentication with WinXP

On Thu, 15 Mar 2007 19:07:25 +0000 (GMT)
Bruce Beckles <mbb10@xxxxxxxxx> wrote:

> CRLs are a hideously broken method of trying to deal with certificates 
> that should no longer be considered valid.  It would be much better to 
> implement support for OCSP (*), which is at least a somewhat less broken 
> way of handling things.
> (*) http://www.ietf.org/rfc/rfc2560.txt

Didn't know about OCSP until today, thanks for the heads-up!
By looking at the RFC it seems indeed that it is a better alternative than
CRLs! I wouldn't mind having support for OCSP integrated in a future
version of Condor... I'm also willing to test it :)



PS: still had no time to complete an SSL-howto for Condor... but it is in
the pipeline :)