https://redmine.named-data.net/https://redmine.named-data.net/favicon.ico?14759811232016-03-05T14:05:31ZNDN project issue tracking systemNFD - Task #3515: Request all expired node and user certificates be manually updatedhttps://redmine.named-data.net/issues/3515?journal_id=148102016-03-05T14:05:31ZJeff Burkejaburke@gmail.com
<ul><li><strong>Blocks</strong> <i><a class="issue tracker-3 status-5 priority-2 priority-default closed" href="/issues/3513">Task #3513</a>: [NdnCon] Change user prefix to be compatible with auto prefix propagation</i> added</li></ul> NFD - Task #3515: Request all expired node and user certificates be manually updatedhttps://redmine.named-data.net/issues/3515?journal_id=148122016-03-05T14:28:36ZJeff Burkejaburke@gmail.com
<ul><li><strong>Subject</strong> changed from <i>Fix testbed cert issuing mechanism</i> to <i>Request all expired node and user certificates be manually updated</i></li><li><strong>Assignee</strong> changed from <i>Yingdi Yu</i> to <i>Jeff Burke</i></li></ul><p>Per AlexA, things are operating correctly now, but expired certs for nodes and users need to be manually re-requested as there is no roll-over mechanism yet. </p>
<p>If this is correct, I'll work with John DeHart to request everyone update their certs, and we can work on transitioning the namespace for NDN-RTC as a breaking change in the next version.</p>
<p>Please confirm.</p>
NFD - Task #3515: Request all expired node and user certificates be manually updatedhttps://redmine.named-data.net/issues/3515?journal_id=148182016-03-06T08:15:21ZJeff Burkejaburke@gmail.com
<ul></ul><p>Site certs to be updated by John Dehart. Peter, can you incorporate updating user certs into current ndncon test instructions? </p>
NFD - Task #3515: Request all expired node and user certificates be manually updatedhttps://redmine.named-data.net/issues/3515?journal_id=148222016-03-06T08:43:59ZJunxiao Shi
<ul></ul><blockquote>
<p>incorporate updating user certs into ndncon test instructions</p>
</blockquote>
<p>Requesting user certificate right before <em>NdnCon</em> conference would be too late.<br><br>
ndncert requires operator approval, which is not instantaneous.<br>
Per <a href="https://ndnpub.caida.org/bin/view/NDN/TestbedJoinPolicy" class="external">testbed policy</a>, operator has up to 24 hours to respond.<br><br>
Instead, <em>ndncert</em> should automatically notify the user when his/her certificate is less than 18 days before expiration, similar to what <em>Let's Encrypt</em> does.</p>
<p>Before an automated notification system is in place, I suggest sending bulk emails to every user who has an expired certificate, after site certificates are up to date.<br><br>
You may use this script to find all expired certificates (pipe its output to <code>| column -t</code> for a nicer view):</p>
NFD - Task #3515: Request all expired node and user certificates be manually updatedhttps://redmine.named-data.net/issues/3515?journal_id=150252016-03-13T17:25:27ZJeff Burkejaburke@gmail.com
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li></ul><p>Per John DeHart's email to the operators list, <a href="http://lists.named-data.net/mailman/private/operators/2016-March/001011.html">http://lists.named-data.net/mailman/private/operators/2016-March/001011.html</a> the site certs are updated and user certs can be reissued.</p>