Project

General

Profile

Task #3515

Request all expired node and user certificates be manually updated

Added by Jeff Burke about 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
03/05/2016
Due date:
% Done:

0%

Estimated time:

Description

Cert mechanism on testbed is apparently still broken? (See messages to operators list in Jan '16.) Please fix or indicate plan for resolution.


Related issues

Blocks ndnrtc - Task #3513: [NdnCon] Change user prefix to be compatible with auto prefix propagationClosed03/16/2016

Actions

History

#1

Updated by Jeff Burke about 4 years ago

  • Blocks Task #3513: [NdnCon] Change user prefix to be compatible with auto prefix propagation added
#2

Updated by Jeff Burke about 4 years ago

  • Subject changed from Fix testbed cert issuing mechanism to Request all expired node and user certificates be manually updated
  • Assignee changed from Yingdi Yu to Jeff Burke

Per AlexA, things are operating correctly now, but expired certs for nodes and users need to be manually re-requested as there is no roll-over mechanism yet.

If this is correct, I'll work with John DeHart to request everyone update their certs, and we can work on transitioning the namespace for NDN-RTC as a breaking change in the next version.

Please confirm.

#3

Updated by Jeff Burke about 4 years ago

Site certs to be updated by John Dehart. Peter, can you incorporate updating user certs into current ndncon test instructions?

#4

Updated by Junxiao Shi about 4 years ago

incorporate updating user certs into ndncon test instructions

Requesting user certificate right before NdnCon conference would be too late.

ndncert requires operator approval, which is not instantaneous.
Per testbed policy, operator has up to 24 hours to respond.

Instead, ndncert should automatically notify the user when his/her certificate is less than 18 days before expiration, similar to what Let's Encrypt does.

Before an automated notification system is in place, I suggest sending bulk emails to every user who has an expired certificate, after site certificates are up to date.

You may use this script to find all expired certificates (pipe its output to | column -t for a nicer view):

#5

Updated by Jeff Burke about 4 years ago

  • Status changed from New to Closed

Per John DeHart's email to the operators list, http://lists.named-data.net/mailman/private/operators/2016-March/001011.html the site certs are updated and user certs can be reissued.

Also available in: Atom PDF