[Pki-devel] The Why's of PKI

Chandrasekar Kannan ckannan at redhat.com
Wed Sep 14 16:10:28 UTC 2011


On 09/14/2011 08:42 AM, Andrew Wnuk wrote:
> On 09/14/2011 05:31 AM, Chandrasekar Kannan wrote:
>> On 09/13/2011 05:48 PM, Andrew Wnuk wrote:
>>> On 09/13/2011 06:41 AM, Adam Young wrote:
>>>> The Layout of the PKI project is very unusual for a Java Server 
>>>> application.
>>>
>>>> I'm trying to understand the rationale for some of the things that 
>>>> were done.
>>>>
>>>> Why do we create a separate server instance for each subsystem?
>>>
>>> Because each subsystem is a standalone server.
>>
>> I'm not sure if it needs to be a stand alone server. It was designed 
>> and implemented as such
>> starting 10 years ago. It might be very well be a separated name 
>> space uri inside the same tomcat instance.
>
> They are standalone servers for reliability and availability reasons, 
> so single tomcat failure is not going to knock down all your servers 
> at the same time.

That is easily avoided by cloning...

>
>>
>>
>>>
>>>> Is a  reason to continue doing so?
>>>
>>> It provides great flexibility in deploying Certificate Server
>>
>> The same level of  flexibility can be achieved even with a single 
>> tomcat instance provided that instance configuration at install time 
>> takes care of tweaking stuff.
>>
>>>
>>>>
>>>> Is using different ports for CA and DRM (an so forth)  merely an 
>>>> artifact of using multiple servers, or is there an additional  
>>>> reason to do so?
>>>
>>> Pkicreate tool allows selecting any ports.  Pkicreate also suggests 
>>> ports for out of the box ease of use.
>>>
>>>>
>>>> Do we expect the same user to have and user different certificates 
>>>> for different servers,
>>>
>>> This is a matter of deployment strategy.
>>>
>>>> such that the certificate then becomes a union of authentication 
>>>> and authorization?
>>>
>>> Certificates are the source of identity.  Authorization is a 
>>> separate process based on verified identity.
>>>
>>>>
>>>> Is there a  reason to separate the CA and DRM Directory servers?
>>>
>>> Protection of archived keys.
>>
>> They could even stay protected - if there's a plan to consolidate.
>> In my mind Separation != protection.
>
> Separation is not equal protection, but it allows to apply appropriate 
> protection standards to specific data.

I'm yet to hear how it cannot be achieved otherwise when consolidated..

>
>>
>>>
>>>>   Is it a "best practice" to do so?  What would be the implications 
>>>> of using a single instance for both?
>>>>
>>>> Is there any reason why the CA uses an LDAP server instead of a 
>>>> Relational Database?
>>>
>>> X509 certificates are using the same distinguished names as LDAP.
>>> Many identity products are based on directories.
>>> Provides very secure access options.
>>> Provides robust replication over secure channel.
>>>
>>>>   Do we expect people to make queries dircetyl against the  CA  
>>>> DirSrv,
>>>
>>> No
>>>
>>>> or is the Database best hidden from public view?
>>>>
>>>> Why do we split the build process up into multiple Source RPMS?
>>>
>>>>   Is there a reason to maintain this split?
>>>>
>>>> Are there design documents or discussions for these decisions?
>>>
>>> Yes, please look for "Legacy Certificate Management System Website" 
>>> on the internal CS wiki.
>>
>> Sorry I dug through that pile. None answered the first question still 
>> so far for me. Why are these separate instances to begin with ?.
>>
>>
>>>
>>>>
>>>> _______________________________________________
>>>> Pki-devel mailing list
>>>> Pki-devel at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/pki-devel
>>>
>>> _______________________________________________
>>> Pki-devel mailing list
>>> Pki-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-devel
>>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel




More information about the Pki-devel mailing list