diff options
author | Bogumil Zebek <bogumil.zebek@nokia.com> | 2021-07-22 08:54:32 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2021-07-22 08:54:32 +0000 |
commit | 8cf04372826916c1cd5e901367eb474cfe6918dc (patch) | |
tree | 2b5fc1a8b8edb1ac882d35ab7c0fd06574045cb1 /docs/sections/introduction.rst | |
parent | b151ffacf655f2e14f99c6850c53bee562c24e9e (diff) | |
parent | 94f1c9730e4aa28521906649a906742911782dd8 (diff) |
Merge "Update RTD with certificate update use case"2.4.0
Diffstat (limited to 'docs/sections/introduction.rst')
-rw-r--r-- | docs/sections/introduction.rst | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/docs/sections/introduction.rst b/docs/sections/introduction.rst index 023066b8..e46e207c 100644 --- a/docs/sections/introduction.rst +++ b/docs/sections/introduction.rst @@ -31,10 +31,12 @@ Functionality In Frankfurt release only `Initialization Request <https://tools.ietf.org/html/rfc4210#section-5.3.1>`_ with `ImplicitConfirm <https://tools.ietf.org/html/rfc4210#section-5.1.1.1>`_ is supported. -Request sent to CMPv2 server is authenticated by secret value (initial authentication key) and reference value (used to identify the secret value) as described in `RFC-4210 <https://tools.ietf.org/html/rfc4210#section-4.2.1.2>`_. +Istanbul release includes also support for `Key Update Request and Certification Request <https://tools.ietf.org/html/rfc4210#section-5.3.1>`_ +Initialization Request and Certification Request sent to CMPv2 server are authenticated by secret value (initial authentication key) and reference value (used to identify the secret value) as described in `RFC-4210 <https://tools.ietf.org/html/rfc4210#section-4.2.1.2>`_. +Key Update Request uses `signature protection <https://datatracker.ietf.org/doc/html/rfc4210#section-5.1.3.3>`_ so old certificate and private key are needed to authenticate the request. Security considerations ----------------------- -CertService's REST API is protected by mutual HTTPS, meaning server requests client's certificate and **authenticate** only requests with trusted certificate. After ONAP default installation only certificate from CertService's client is trusted. **Authorization** isn't supported in Frankfurt release.
\ No newline at end of file +CertService's REST API is protected by mutual HTTPS, meaning server requests client's certificate and **authenticate** only requests with trusted certificate. After ONAP default installation only certificate from CertService's client is trusted. **Authorization** isn't supported in Frankfurt release. |