Project

General

Profile

Story #2548

recasting untrusted certs to public poses accessibility inconsistency to users

Added by Rob Nahf over 12 years ago. Updated almost 7 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Authentication, Authorization
Target version:
-
Start date:
2012-03-27
Due date:
% Done:

0%

Story Points:
Sprint:
Infrastructure backlog

Description

KNB recasts a connection with an untrusted certificate to public, so that a client does not get "less than public" privileges.
GMN throws an InvalidToken in this situation.
both refuse connections from clients with expired certificates from trusted CAs.

This approach can cause confusion caused when the user unwittingly uses an untrusted certficate and doesn't get what they expected. If these connections were instead refused, the user would be alerted and could reconnect as a public user, if it chose.

brief discussion found at line 97 of : http://epad.dataone.org/20120131-authn-authz-questions

  • when would honest users be in this situation?
  • elicit advantages of recasting approach
  • either way, dataone should implement uniform behavior across CN and MNs.

Subtasks

Task #2549: document the decisionNewMatthew Jones

Task #2551: test feasibility of apache rejecting non-verified certificates ClosedRoger Dahl

Related issues

Related to Infrastructure - Bug #2411: knb MNs and CNs allow self-signed certificates to connect In Progress 2014-10-01 2014-10-01
Related to Java Client - Story #6570: libclient should give better indication of expired certificates Closed

History

#1 Updated by Dave Vieglais almost 7 years ago

  • Sprint set to Infrastructure backlog

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)