Support certificate revocation list(CRL) Design #1652

binbin-li · 2024-07-23T06:27:41Z

What would you like to be added?

Certificate validation is an essential step during signature validation. Currently Ratify supports checking for revoked certificates through OCSP supported by notation-go library. However, OCSP validation requires internet connection for each validation while CRL could be cached for better performance. As notary-project is adding the CRL support for notation signature validation, Ratify could utilize it for free.

Anything else you would like to add?

No response

Are you willing to submit PRs to contribute to this feature?

Yes, I am willing to implement it.

binbin-li added enhancement New feature or request triage Needs investigation and removed triage Needs investigation labels Jul 23, 2024

binbin-li added this to the v1.4.0 milestone Jul 25, 2024

junczhu self-assigned this Aug 10, 2024

junczhu mentioned this issue Sep 18, 2024

docs: add CRL Design #1789

Merged

9 tasks

susanshi closed this as completed in #1789 Oct 22, 2024

junczhu changed the title ~~Support certificate revocation list(CRL)~~ Support certificate revocation list(CRL) Design Nov 1, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support certificate revocation list(CRL) Design #1652

Support certificate revocation list(CRL) Design #1652

binbin-li commented Jul 23, 2024

Support certificate revocation list(CRL) Design #1652

Support certificate revocation list(CRL) Design #1652

Comments

binbin-li commented Jul 23, 2024

What would you like to be added?

Anything else you would like to add?

Are you willing to submit PRs to contribute to this feature?