Implement distribution of CA from Membership Services accross different servers

[dulcep]

Consider splitting the CAs to allow them to be distributed across different servers / ports, and potentially add local admin interfaces. This allows to have each CA running on a different machine and also be able to run multiple instances of each CA

[binhn]

Could we have a use-case to clarify this issue. I would prefer decentralized rather than distributed, but you might have meant the same thing.

[genggjh]

Currently the problem is: the CA server is a single point of failure, we could not find any document in obc-doc guide us to setup a HA or decentralized whatever CA server env. @binhn: Do we have any solution or plan on this?

[binhn]

@adecaro @elli-androulaki could we deploy CA server in a hot stand-by?

[dulcep]

Binh - yes, I meant decentralized, as not having a single point of failure

[binhn]

@genggjh yes, working on the design of that; we'll post something soon in the wiki, so please watch that and collaborate.

[mcr222]

Just wanted to add a comment to emphasize the importance, from my point of view, of this issue. HyperLedger is designed to work with a network of distrusting peers, if a centralized CA is needed then a trusted peer (by all peers) has to be added, which turns blockchain into a centralized network.

[markparz]

Can we add a new labels of Identity & CA and associate this?

[GuillaumeCisco]

Did this issue evolve ? I'm new to CA and don't know if it possible today to create a decentralized ca. Can someone point me to some extra information in the doc?

Thank you