Implement ICA2 as a special case of a subCA of ICA1 #161

New issue

Open

opened 2025-01-01 01:00:19 +00:00 by raito · 0 comments

raito commented 2025-01-01 01:00:19 +00:00 (Migrated from git.lix.systems)

Copy link

ICA2 has nothing special in this infrastructure, it should be a subCA property of ICA1, unlocking parallel paths for ICA2 for future intermediate CA rotations.

Once this is done, ICA1 should become a property of subCA of the offline root CA, enabling parallel paths for offline ICA1s for future intermediate CA rotations.

Once this is done, the root & intermediate CA components should support cross-signature enabling parallel paths for the root CA itself for future root CA rotations.

ICA2 has nothing special in this infrastructure, it should be a subCA property of ICA1, unlocking parallel paths for ICA2 for future intermediate CA rotations. Once this is done, ICA1 should become a property of subCA of the offline root CA, enabling parallel paths for offline ICA1s for future intermediate CA rotations. Once this is done, the root & intermediate CA components should support cross-signature enabling parallel paths for the root CA itself for future root CA rotations.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

staging

docs-afnix-fr

broker-flows

goaccess

alerting-to-zulip

better-backup-monitoring

forgejo-runners-sprinkles

abm

afnix-social-logins

hyp01

benchmarks

afnix-oidc

voidlinux-tenant

x86_builder_v6_only

besadii-release-branches

tom-hubrecht/audit

repair-ofborg

i-wish-i-had-jj-and-gerrit

scheduled-builds

gerrit-hydra

single-node-ceph

storage-project

cache-lix

email-groups

format

No results found.

Labels

Clear labels   

Compat/Breaking

Breaking change that won't be backward compatible

  

Difficulty/Architectural

Requires changes in multiple pieces of the stack: the Nix interpreter, etc.

  

Difficulty/Easy

Infrastructure beginner friendly tasks

  

Difficulty/Hard

Requires prior knowledge, research and design

  

Help Wanted

Looking for a first task to pick? This one is looking for somefew to do it as well!

  

Kind/Bug

Something is not working

  

Kind/Documentation

Documentation changes

  

Kind/Enhancement

Improve existing functionality

  

Kind/Feature

New functionality

  

Kind/Testing

Issue or pull request related to testing

  

Priority/Critical

The priority is critical

  

Priority/High

The priority is high

  

Priority/Low

The priority is low

  

Priority/Medium

The priority is medium

  

Reviewed/Confirmed

Issue has been confirmed

  

Reviewed/Duplicate

This issue or pull request already exists

  

Reviewed/Invalid

Invalid issue

  

Reviewed/Won't Fix

This issue won't be fixed

  

Security

This is a security issue

  

Silenced Alert

This issue was created to track a silenced alert which needs remediation work.

  

Status/Abandoned

Somebody has started to work on this but abandoned work

  

Status/Blocked

Something is blocking this issue or pull request

  

Status/Need More Info

Feedback is required to reproduce issue or to continue work

  

Status/Postponed

We can do this later

  

Tracking Issue

Umbrella issue of many things at the same time

No labels

Compat/Breaking

Difficulty/Architectural

Difficulty/Easy

Difficulty/Hard

Help Wanted

Kind/Bug

Kind/Documentation

Kind/Enhancement

Kind/Feature

Kind/Testing

Priority/Critical

Priority/High

Priority/Low

Priority/Medium

Reviewed/Confirmed

Reviewed/Duplicate

Reviewed/Invalid

Reviewed/Won't Fix

Security

Silenced Alert

Status/Abandoned

Status/Blocked

Status/Need More Info

Status/Postponed

Tracking Issue

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: afnix/infra#161

No description provided.