You mean inside channel configuration MSPs, not peer MSPs. Not
sure if what I wrote below was clear.
On 1/1/20 6:23 AM, Adhav Pavan wrote:
I think we have to place CRL(generated by ca) in the MSP
folder and not inside peer.
Description for same:
Revoked Certificates: If
the identity of an actor has been revoked, identifying
information about the identity — not the identity itself —
is held in this folder. For X.509-based identities, these
identifiers are pairs of strings known as Subject Key
Identifier (SKI) and Authority Access Identifier (AKI) and
are checked whenever the X.509 certificate is being used to
make sure the certificate has not been revoked.
list is conceptually the same as a CA’s Certificate
Revocation List (CRL), but it also relates to the revocation
of membership from the organization. As a result, the
administrator of an MSP, local or channel, can quickly
revoke an actor or node from an organization by advertising
the updated CRL of the CA the revoked certificate was issued
by. This “list of lists” is optional. It will only become
populated as certificates are revoked.
Please correct me if I am wrong.
Cell Phone:+91-8390114357 E-Mail: adhavpavan@...
On Wed, Jan 1, 2020 at 3:49 AM
Nye Liu <nye@...
You have to update each applicable channel
configuration with the new crls. The peer/orderer MSP would
then be checked to make sure the entity making the channel
configuration update has permission to do so (depending on
whether the update is to an orderer system channel or an
application channel). This is my understanding but I could
be very wrong.
On Tue, Dec 31, 2019, 9:02
AM Hojjat Jashnniloofar <h.niloofar@...
a team worked KYC solution on Hyperledger
Fabric for last 2 years. We register each
user and enroll certificate for each user
and install keyPairs on user mobiles. In
case of lost or theft, we want to revoke
user certificate and reenroll them. We find
sdk functions for revoke and reenroll but we
want to ban old certificates to access the
chaincode methods. We can generate ca crl
but we don't know where we must place this
CRLs or how to enforce peers to check
certificate status before submit or evaluate
place this CRL (generated by ca) on peer in
still user can submit transaction by revoked
can help us in this case?
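
An added example, not part of any message in this thread: the CRL has to end up in the organization's MSP inside the channel configuration, so this sketch edits a channel config that has already been decoded to JSON with `configtxlator`. The function name `add_crl`, the organization name `Org1MSP`, and the sample data are assumptions made for illustration.

```python
import base64
import copy
import json

def add_crl(config, org_msp_id, crl_pem, section="Application"):
    """Return a copy of a decoded channel config with crl_pem appended to the
    organization's channel MSP revocation_list (unchanged if already listed)."""
    if "BEGIN X509 CRL" not in crl_pem:
        raise ValueError("expected a PEM-encoded X.509 CRL")
    updated = copy.deepcopy(config)
    try:
        org = updated["channel_group"]["groups"][section]["groups"][org_msp_id]
        msp_config = org["values"]["MSP"]["value"]["config"]
    except KeyError as missing:
        raise ValueError(f"no MSP for {org_msp_id} under {section}: {missing}")
    # Protobuf bytes fields appear as base64 strings in the decoded JSON.
    entry = base64.b64encode(crl_pem.encode()).decode()
    crls = msp_config.get("revocation_list") or []  # tolerate null or absent
    if entry not in crls:
        crls.append(entry)
    msp_config["revocation_list"] = crls
    return updated

# Constructed sample data: a trimmed config and a placeholder, not a real CRL.
SAMPLE_CRL = "-----BEGIN X509 CRL-----\nQ09OU1RSVUNURUQ=\n-----END X509 CRL-----\n"
SAMPLE_CONFIG = {"channel_group": {"groups": {"Application": {"groups": {
    "Org1MSP": {"values": {"MSP": {"value": {"config": {
        "name": "Org1MSP", "revocation_list": None}}}}}}}}}}

if __name__ == "__main__":
    print(json.dumps(add_crl(SAMPLE_CONFIG, "Org1MSP", SAMPLE_CRL), indent=2))
```

The original and modified JSON are then turned into a config update with `configtxlator`, signed as the channel's policy requires, and submitted as a channel update; pass `section="Orderer"` for an orderer organization.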