Rotate/revoke issuer.jwk throws error when origin auto-registers at registry #383
Labels
bug
Something isn't working
Comments
haoming29
changed the title
|
That's the expected / desired behavior: if you try to register with a different key, it should be an error (otherwise someone could pretty trivially steal your namespace). Separately, I would like to have a mechanism to rotate (add / delete) keys that are registered -- for example, if there are multiple origins under a single part of the namespace -- but you still need to have access to the old key to rotate. |
|
Closed with #561 opened |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to reproduce:
issuer.jwkunder/etc/pelican, and have an origin prefix registered at registry, say/origin1rm issuer.jwkdirector,registry, andoriginError: Namespace /origin1 already registered under a different keyI'm not sure what's the fix for this, which can initiate to some security policy discussions. @bbockelm What's your thoughts on this?
The text was updated successfully, but these errors were encountered: