Project

General

Profile

Actions

Task #4348

open

Get rid of the long term storage assumption from NDNCERT CA design

Added by Zhiyi Zhang about 7 years ago. Updated over 6 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Start date:
10/18/2017
Due date:
% Done:

0%

Estimated time:

Description

We cannot make the assumption that CA will have long term storage. For example, CA may not remember all issued certificates and renewal records.
A possible way is to put extra info into the certificate extension fields.

Besides, we may make use of the certificate extension to do more things. For instance, let CA trust anchor certificate carries ca introduction, and probe instructions? -> a new command tool to generate new cert? or change current key gen to accept mroe info.

Actions #1

Updated by Junxiao Shi over 6 years ago

We cannot make the assumption that CA will have long term storage.

This statement is wrong. The CA not only needs long term storage, but also needs to organize such storage into a blockchain so that it cannot deny having issued a certificate. Check out “certificate transparency” for the importance of this storage.

Actions

Also available in: Atom PDF