Comment 3 for bug 1129713
Revision history for this message
| Thierry Carrez (ttx) wrote Re: Validation of PKI tokens bypasses revocation check | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
f33e652
(Get the code!)
Isn't the benefit of PKI tokens that you don't have to validate them against the Keystone server directly ? Is that direct check called by clients anywhere (think when Nova receives a PKI token) ? On the other hand, would the crypto validation check revocation ? I'm trying to see if this is worth an advisory, or if it's really a corner case. Opinions welcome.