[Condor-users] SSL authentication and no longer valid certificates on Windows



Hello,

I want to pick up a posting from March 2007:

https://lists.cs.wisc.edu/archive/condor-users/2007-March/msg00138.shtml

----------------------------<snip>-----------------------

        And one thing that really bothers me with the current SSL implementation
        in Condor, is the fact that apparently nowhere there is the use of
        Certificate Revocation Lists in order to centrally revoke a certificate
        and essentially kick out a compute node from the pool by simply revoking
        its certificate... but this is yet another topic :)

    This is a good suggestion for the next step with the SSL authentication
    method.

CRLs are a hideously broken method of trying to deal with certificates that should no longer be considered valid. It would be much better to implement support for OCSP (*), which is at least a somewhat less broken way of handling things.

(*) http://www.ietf.org/rfc/rfc2560.txt
----------------------------<snip>-----------------------

How does one deal with certificates that are no longer valid on the Windows platform?

Cheers,
Carsten