Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CRL support #425

Open
JeyJeyGao opened this issue Jul 22, 2024 · 4 comments
Open

CRL support #425

JeyJeyGao opened this issue Jul 22, 2024 · 4 comments
Assignees
@JeyJeyGao
Labels
enhancement New feature or request
Milestone
1.3.0

Comments

@JeyJeyGao
Copy link
Contributor

JeyJeyGao commented Jul 22, 2024
edited
Loading

As suggested in notaryproject/notation-core-go#125, CRL support is required.

Here is the plan to complete CRL support based on priority:

  1. Basic CRL support (v1.3.0): This includes base CRL downloading and validation, with a fallback rule to automatically choose OCSP and fallback to CRL.
  2. CRL cache support (v1.3.0): Since CRL is a static file with relatively long-term validity, and a well-known CA's CRL is usually greater than 600KiB, a cache mechanism can significantly improve performance.
  3. Revocation mode control (Future): Many users may prefer to use CRL due to network or OCSP server issues. Therefore, we need to provide a way to choose the preferred revocation solution rather than a fixed rule.
  4. Revocation network request timeout threshold control, CRL cache TTL control, and CRL cache cleaning. (Future)
  5. Delta CRL support (Future)
@JeyJeyGao JeyJeyGao added enhancement New feature or request triage Needs evaluation for feasibility, timeline, etc. labels Jul 22, 2024
@JeyJeyGao JeyJeyGao self-assigned this Jul 22, 2024
@Two-Hearts
Copy link
Contributor

@JeyJeyGao Could you move this issue to notation-go? As it's more a library issue than an external user facing one.

@JeyJeyGao JeyJeyGao transferred this issue from notaryproject/notation Jul 22, 2024
@priteshbandi
Copy link
Contributor

priteshbandi commented Jul 22, 2024
edited
Loading

LGTM; Additionally, it would be good if we could implement a caching system that allows users to bring their own cache implementation. This would enable users to leverage in-memory caching (for libraries), disk-based caching (for binaries), or any other remote storage option for the cache. Providing this flexibility would give users more control over how the caching is handled in the system and at the same time reducing complexity from our code.

@shizhMSFT
Copy link
Contributor

Cache is important and @JeyJeyGao will share the detailed design later.

@JeyJeyGao JeyJeyGao mentioned this issue Jul 23, 2024
Open
@JeyJeyGao
Copy link
Contributor Author

We will use #425 (for notation-go) and notaryproject/notation-core-go#125 (for notation-core-go) to track the CRL support of notation v1.3.0. Other future work items will be tracked in #428

@JeyJeyGao JeyJeyGao mentioned this issue Jul 23, 2024
Open
@binbin-li binbin-li mentioned this issue Jul 23, 2024
Open
1 task
@yizha1 yizha1 added this to the 1.3.0 milestone Jul 29, 2024
@yizha1 yizha1 removed the triage Needs evaluation for feasibility, timeline, etc. label Jul 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JeyJeyGao JeyJeyGao

Labels
enhancement New feature or request
Projects
Notary Project Planning Board
Status: Todo
Milestone
1.3.0
Development

No branches or pull requests
5 participants
@priteshbandi @shizhMSFT @JeyJeyGao @yizha1 @Two-Hearts