Print

Print

robocert is not rendezvous key. It is something prior to x509 delegation so we no longer need robocert. rendezvous key is a time limited shared secret sent by the client to both endpoints, to facilitate TPC. It needs TLS.
Whether dCache want to support rendezvous key is something to be discussed. The primary TPC in HEP is http though not exclusive. The rendezvous key in xrootd is used where x509 infrastructure is not available (and likely the token infrastructure is also not available, somewhere outside of HEP).
When x509 goes away, in principle, we can use token for authentication and then use rendezvous key for TPC (to avoid a more complexed token chain reaction), though someone will say that token is only for authorization :-)


Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
You are receiving this because you commented.Message ID: <xrootd/xrootd/issues/1584/1063312302@github.com>

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/1584#issuecomment-1063312302", "url": "https://github.com/xrootd/xrootd/issues/1584#issuecomment-1063312302", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1