Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce "previous" key slot #4271

Open
MarcosDY opened this issue Jun 20, 2023 · 4 comments
Open

Introduce "previous" key slot #4271

MarcosDY opened this issue Jun 20, 2023 · 4 comments
Labels
priority/backlog Issue is approved and in the backlog unscoped The issue needs more design or understanding in order for the work to progress

Comments

@MarcosDY
Copy link
Collaborator

MarcosDY commented Jun 20, 2023
edited
Loading

Journal, keep 2 slots, Active and Next, where Active keeps the current in use authority, and next keeps the prepared and the old authority.
With this approach, we lose the Old authority when a new authority is prepared, for force rotation it will be good to keep Old authority for more time.

It is in response of discussion on PR comment
@MarcosDY MarcosDY converted this from a draft issue Jun 20, 2023
@MarcosDY MarcosDY added the triage/in-progress Issue triage is in progress label Jun 20, 2023
@azdagron azdagron added priority/backlog Issue is approved and in the backlog unscoped The issue needs more design or understanding in order for the work to progress and removed triage/in-progress Issue triage is in progress labels Jun 20, 2023
@azdagron
Copy link
Member

This seems valuable. I think in order to not impact existing deployments we need to figure out a way to not make folks pay the cost for this until necessary, e.g., when they exercised a revocation flow.

@MarcosDY MarcosDY mentioned this issue Jun 22, 2023
Merged
@github-actions GitHub Actions
Copy link

This issue is stale because it has been open for 365 days with no activity.

@github-actions github-actions bot added the stale label Jun 19, 2024
@azdagron
Copy link
Member

@MarcosDY is this still relevant?

@MarcosDY MarcosDY removed the stale label Jun 20, 2024
@MarcosDY
Copy link
Collaborator Author

We need to discuss about this one, it is going to be something useful to keep OLD authorities a little longer,
so we increment the windows we have to taint/revoke a key

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority/backlog Issue is approved and in the backlog unscoped The issue needs more design or understanding in order for the work to progress
Projects
Force rotation and bundle revocation
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MarcosDY @azdagron