GSMA-CPAS / BWRP-chaincode

Apache License 2.0

Certificate revocation #57

Closed informartin closed 2 years ago

informartin commented 2 years ago

This PR closes #21 and implements a mechanism to revoke certificates.

A Certificate Revocation List (CRL) is submitted to the chaincode that checks whether it has been signed appropriately and adds the included certificates to a list of revoked certificates. Every time a new signature is added or a signature is verified, it is checked if any certificate in the certificate chain was revoked, including the root certificate. A signature is considered valid if the transaction timestamp of its submission to the chaincode was before the respective certificate was revoked or if it wasn't revoked at all.

CRLs can be submitted by root CAs as well as intermediary CAs.

informartin commented 2 years ago

The current master has been rebased.