
Add Authz revocation upon Cert revocation, by feature flag. #8799

Open
ezekiel wants to merge 8 commits into main from ezekiel/sa-revoke-authorization


@ezekiel ezekiel commented Jun 15, 2026

Member

No description provided.

Comment thread sa/proto/sa.proto Outdated
ezekiel changed the title from "Add RevokeAuthorizations func to the SA gRPC service." to "Add Authz revocation upon Cert revocation, by feature flag." on Jun 23, 2026
ezekiel marked this pull request as ready for review June 30, 2026 17:32
ezekiel requested a review from a team as a code owner June 30, 2026 17:32
ezekiel requested a review from jsha June 30, 2026 17:32
@github-actions

Contributor

@ezekiel, this PR appears to contain configuration and/or SQL schema changes. Please ensure that a corresponding deployment ticket has been filed with the new values.

@github-actions

Contributor

@ezekiel, this PR adds one or more new feature flags: RevokeAuthzsUponRevokeCert. As such, this PR must be accompanied by a review of the Let's Encrypt CP/CPS to ensure that our behavior both before and after this flag is flipped is compliant with that document.

Please conduct such a review, then add your findings to the PR description in a paragraph beginning with "CPS Compliance Review:".

ezekiel commented Jun 30, 2026

Member Author

CPS Compliance Review:

Our CP/CPS don't directly discuss authorization revocation - there ARE important points about authorization re-use time frames, including in the Baseline Requirements 4.2.1. This change does not modify authorization re-use time frames. After this change, authorizations may be revoked in a particular circumstance, which fully prevents their re-use regardless of their age.
