Complete lifecycle operations currently exposed but not implemented #11

Open
opened 2026-03-24 18:04:01 +01:00 by galambos · 0 comments
Owner

Several PKI operations are already exposed through service contracts but currently fail explicitly at runtime, for example:

  • CA rollover,
  • CA key rotation,
  • renew,
  • replace,
  • reissue,
  • request search limitations depending on SPI scope.

Why this matters

For a PKI platform aimed at strong operational maturity, “declared but not implemented” operations should either be completed or cleanly split out of the stable runtime surface.

Acceptance criteria

  • Inventory all currently exposed-but-unimplemented operations.
  • Decide for each whether to:
    • implement now,
    • postpone but keep explicitly unsupported,
    • move behind a narrower SPI/stability boundary.
  • Prioritize lifecycle features that are prerequisites for profile-driven issuance and infrastructure certificates.
galambos added this to the PKI Foundation Hardening and Regulated Operations Roadmap project 2026-03-24 18:56:06 +01:00
Reference: Egothor/ZeroEcho#11