Task #4348
open
Get rid of the long term storage assumption from NDNCERT CA design
0%
Description
We cannot make the assumption that CA will have long term storage. For example, CA may not remember all issued certificates and renewal records.
A possible way is to put extra info into the certificate extension fields.
Besides, we may make use of the certificate extension to do more things. For instance, let CA trust anchor certificate carries ca introduction, and probe instructions? -> a new command tool to generate new cert? or change current key gen to accept mroe info.
Updated by Junxiao Shi about 6 years ago
We cannot make the assumption that CA will have long term storage.
This statement is wrong. The CA not only needs long term storage, but also needs to organize such storage into a blockchain so that it cannot deny having issued a certificate. Check out “certificate transparency” for the importance of this storage.