[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-users] SSL authentication and no longer valid certificates on Windows


I want to pick up a posting from March 2007:



        And one thing that really bothers me with the current SSL implementation
        in Condor, is the fact that apparently nowhere there is the use of
        Certificates Revocation Lists in order to centrally revoke a certificate
        and essentially kick out a compute node from the pool by simply revoking
        its certificate..but this is yet another topic :)

    This is a good suggestion for the next step with the SSL authentication

CRLs are a hideously broken method of trying to deal with certificates that should no longer be considered valid. It would be much better to implement support for OCSP (*), which is at least a somewhat less broken way of handling things.

(*) http://www.ietf.org/rfc/rfc2560.txt

How to deal with certificates no longer valid on the Windows platform?