Post by nanzhou on Feb 18, 2022 22:17:14 GMT
Dear community,
I found that X509 certificates are currently modeled in the Redfish schema as per DSP0268_2021.4, Section 6.16. However, I didn't find a corresponding resource type for Certificate Revocation Lists (CRLs).
Did I miss CRL somewhere, or is CRL indeed not modeled currently?
I ask because we (Google) have use cases to install CRLs on Redfish Servers (OpenBMC-based BMCs) for credential rotation: that is, generating new root credentials and revoking old issued certificates before their expiration date. The current use case doesn't necessarily need CRL as a resource nor Redfish actions to upload CRLs. But we would like to know more about the status quo of CRLs in DMTF and future plans.
Thanks! Look forward to your replies.
Post by mraineri on Feb 21, 2022 13:23:11 GMT
When the certificate model was first established, the use cases brought forth have been focused on modeling and managing the certificates themselves. I think this is worth discussing further with others in the forum since it seems like a common use case in a security-conscious environment.
Post by nanzhou on Feb 25, 2022 0:54:33 GMT
Thanks for your reply! Should I invite people to this thread? How can I do that? Or can you help drive others' attention?
Post by mraineri on Feb 25, 2022 13:41:16 GMT
If you have folks who are members of the DMTF, please bring their attention to this subject to help drive the discussions during meetings.