Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Force rotation proposal for upstream authority #47

Closed
wants to merge 2 commits into from

Conversation

MarcosDY
Copy link
Collaborator

@MarcosDY MarcosDY commented Sep 4, 2023

When using Upstream authorities, intermediate certificates are not part of bundle, because bundle is the upstream authority CA,
because of that we need to provide a way to propagate the list of tainted keys in case of X.509 authorities, (in JWT it is not required becase our JWT authority is always in datastore)


// The list of X.509 authorities that are no longer secure to use,
// and must be rotated.
repeated X509TaintedKey x509_tainted_keys = 6;
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is only required for x509 authorities, but it feels strange to not have the same list for JWT authorities, what do you think?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants