Closed pki-bot closed 4 years ago
Comment from jmagne (@jmagne) at 2013-06-14 02:20:54
This ticket can be treated as one aspect of the general effort to allow the user to override our fairly rigid recovery policy. The external db record driven procedure to be implemented will only adhere to what the db record tells us to do. CFU and I will make sure this specific requirement will be taken care of as well. Will work more closely on this when cfu has the high level support for the procedure discussed in the other ticket.
Comment from cfu (@cfu) at 2013-06-17 20:45:40
This ticket is specific to the "Framework" and "Prototype" part of the TPS Revocation Enhancement work.
Comment from cfu (@cfu) at 2013-07-11 18:16:26
https://bugzilla.redhat.com/show_bug.cgi?id=927312#c10 The above checkin provides the following Framework and prototype:
Framework - per Base External Registration Design: http://pki.fedoraproject.org/wiki/TPS_-_New_Recovery_Option:_External_Registration_DS#Base_External_Registration_Design
Prototype -
What the prototype will NOT do: the actual key injection or deletion from the token. Because of this, the prototype currently only works for tpsclient. The new key recovery and revocation processing functions always returns true after successful recovery of keys/certs and revocation.
Comment from cfu (@cfu) at 2013-07-11 18:34:46
In Phase 2 of this task, the following main feature/issues will be addressed:
And some "loose ends" will be addressed, such as (not limited to):
Comment from cfu (@cfu) at 2013-07-25 23:03:11
https://bugzilla.redhat.com/show_bug.cgi?id=927312#c17 The above checkin provides the following feature and its prototype:
Feature - Delegation Feature per design on http://pki.fedoraproject.org/wiki/TPS_-_New_Recovery_Option:_External_Registration_DS#Delegation_Design
CA new profiles:
TPS new profiles:
Provides:
What is not (yet) covered:
Comment from jmagne (@jmagne) at 2013-09-06 20:57:45
WE have provided this fix to QA and the customer as a beta. Closing
Comment from nkinder (@nkinder) at 2017-02-27 14:01:20
Metadata Update from @nkinder:
This issue was migrated from Pagure Issue #575. Originally filed by nkinder (@nkinder) on 2013-03-26 04:55:23:
Require the ability to recover non-revoked/expired certificates to an active token.