ratify
feat: certificate revocation
What would you like to be added?
Certificate revocation is a process in which a certificate is deemed invalid before the end of its lifecycle. Here are some reasons:
- The private key is compromised.
- The certificate authority that issued this certificate was compromised.
- User information had to be changed.
Ratify should support certificate revocation to distinguish invalid and untrusted certificates from valid trusted ones.
Anything else you would like to add?
No response
Are you willing to submit PRs to contribute to this feature?
- [ ] Yes, I am willing to implement it.
@yizha1, as we discussed offline, this issue is probably just for tracking the Notation cert revocation support. Could you update the issue and create new issues if we want to add revocation to Ratify as well?
@binbin-li Sorry for not responding to this issue in time. The cert revocation feature is supported by Notation as the verifier. I want to make sure that Ratify can log the correct reason that the signature verification failure is due to certificate revocation, so that users can take proper actions based on it.