Cancel CSR in case it's rejected (with authority) #1043

Closed
timbru opened this issue Apr 27, 2023 · 1 comment

timbru commented Apr 27, 2023

In case an open CSR is rejected by the parent, and we know for certain that it's positively rejected - i.e. a validly signed response tells us - rather than a connection or other failure, then the open CSR should be removed, because re-sending it will never work.

In a related context: we should also think about identifying that a parent no longer knows us. But unfortunately, this is not trivial to do securely. There is no clearly defined signed response that we can check for this. So, this may require future standards extensions.


timbru commented Sep 30, 2023

Closing as "won't fix" for now.

See this code

Essentially, the normal reasons a CSR is rejected already result in dropping the resource class (and the request). It is unclear how to recover from other cases.

To the best of our knowledge, these cases don't happen in practice, but if anyone runs into cases that seem to indicate otherwise, please re-open this issue.

timbru closed this as not planned on Sep 30, 2023