[caops-wg] Proxy Certificates discussion

[Jesus Luna]

Dear all,
We have been reading the presentations made by some of you in the last 
GGF sessions and we would like to comment about OCSP and Proxy 
Certificates, due in part to the experience that we have achieved with 
our Open Grid Ocsp -OGRO- API and on the other hand with the spirit to 
finish as soon as possible the "OCSP requirements for Grids" document.
Next you'll receive three follow-ups to this email related with the 
Proxy Certificate's topic:
-First we will present our point of view about the proposal of encoding 
AIA in first-level Proxy Cert, as mentioned in the presentation 
"OCSP-GGF15.ppt" available on the CAOPS-WG' Web page.
-In second place we would like to comment about the "Which OCSP 
Responder to Trust?" topic, also mentioned in the PPT.
-Finally we would like to briefly present the results of some tests done 
in the last weeks with OGRO and its Grid Validation Policy. We have not 
only tested several policy configurations (i.e. signing the Requests, 
using nonces and sending OCSP over HTTPS), but also implemented a 
mechanism to further improve OCSP validation perfomance in Grids, called 
"OCSP Pre-validation" which is being beta-tested in our installations 
prior to be published in OGRO's Web page.

In any case, based in your comments we may be able to commit asap to the 
list the draft text for the document's Proxy Validation section.

Best regards form Barcelona,

Oscar & Jesus