|
|
|
|
|
|
by upon_drumhead
737 days ago
|
|
|
when I said revocation system, I intended to convey something similar to Online Certificate Status Protocol, rather then a hardcoded list that needs to be synchronized between all the physical servers. You are correct though, you can keep a list and deploy it to all the nodes for revocation purposes. It's unfortunate that there's no RevokedKeysCommand to support building something like OCSP. |
|
|