[Pki-devel] Feature page for DRM transport key rotation
Ade Lee
alee at redhat.com
Thu Sep 12 15:30:17 UTC 2013
Hi Andrew,
Just a couple of questions/comments.
1. Please update to indicate that this will be targeted to 10.1.
2. As you noted, many of the steps around the generation and propagation
of the transport keys will be provided as manual steps for 10.1. Its
likely though that we will want to provide restful interfaces to do
these operations, perhaps in 10.2. Please create trac tickets for this
- and we can triage accordingly.
3. If we have an old CA which communicates with a DRM, and it does not
supply a DRM certificate with the archival request, is there any way of
determining whether the transport cert used to encrypt the key is valid?
If it isn't, and there is no way of doing so, then we could end up
reporting success, when in fact the key would be indecipherable.
Ade
On Wed, 2013-09-11 at 15:12 -0700, Andrew Wnuk wrote:
> Feature page for DRM transport key rotation has been added:
> http://pki.fedoraproject.org/wiki/DRM_Transport_Key_Rotation
>
>
> Please review and provide comments.
> Thanks,
> Andrew
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list