[caops-wg] [igtf-general] Re: Certificate Profile document updated (to v0.14)

Alan Sill Alan.Sill at ttu.edu
Thu Jan 4 12:53:25 CST 2007


Pinging the CA-Ops group on both of the issues raised by Mike below.
(Similar message on item 2 already sent to the IGTF list just now separately.)

Alan

On Nov 10, 2006, at 2:08 PM, Mike Helm wrote:

>
> I haven't had time to get back to this for more review, but 2 things:
> (1) name constraints.  We need to say something about this.
> My understanding is that most grid middleware and many if not all applications
> will not be able to deal with name constraints (it's a critical extension,
> and most software doesn't know how to interpret it, and there are continuing
> problems with the PKIX interpretation rules).
>
> I was also told recently both that openssl had name constraint capability now,
> and that it didn't work.
>
> I think what we need to say is that this extension cannot (must not) be used currently
> in Grid middleware.  Perhaps that could be should not, since a "private" grid
> might be able to pick & control X.509 software that can cope with name constraints.
>
> (It's also useless, except in networks of CA's, but we probably don't need to
> get into that.)
>
> (2) A subscriber asks about key usage settings for client & server (this is
> the NS cert type extension, not the other possibility).  We set both for
> people - in the old days in Grids, people set up one-off servers with
> personal certs, and so it was a "requirement".  We are currently recommending
> not to use NS types at all; does this need refining?
>
> Thanks, ==mwh

Alan Sill, Ph.D
TIGRE Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics
TTU

====================================================================
:  Alan Sill, Texas Tech University  Office: Admin 233, MS 4-1167  :
:  e-mail: Alan.Sill at ttu.edu   ph. 806-742-4350  fax 806-742-4358  :
====================================================================
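
The interoperability concern in the quoted message, as an added example that is not part of the original e-mail: PKIX requires a verifier to reject a certificate that carries a critical extension it does not recognize, so a critical name constraints extension fails in software without support for it. The extension bytes are constructed, and `review`, `understood` and the "reject"/"flag" labels are assumptions of this example.

```python
# Added illustration: the extension bytes are constructed, not from a real certificate.
NAME_CONSTRAINTS = "2.5.29.30"
NS_CERT_TYPE = "2.16.840.1.113730.1.1"   # Netscape cert type
KEY_USAGE = "2.5.29.15"

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    subids, val = [], 0
    for b in body:                         # base-128 sub-identifiers
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(val)
            val = 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def parse_extensions(der):
    """Return [(oid, critical)] from a DER-encoded Extensions SEQUENCE."""
    _, seq, _ = read_tlv(der, 0)
    pos, found = 0, []
    while pos < len(seq):
        _, ext_body, pos = read_tlv(seq, pos)
        _, oid, nxt = read_tlv(ext_body, 0)
        tag, val, _ = read_tlv(ext_body, nxt)   # BOOLEAN critical is optional
        found.append((decode_oid(oid), tag == 0x01 and val != b"\x00"))
    return found

def review(der, understood):
    """Model a verifier that implements only the OIDs in `understood`."""
    notes = []
    for oid, critical in parse_extensions(der):
        if critical and oid not in understood:
            notes.append(("reject", oid))  # unrecognized critical extension
        elif oid in (NAME_CONSTRAINTS, NS_CERT_TYPE):
            notes.append(("flag", oid))    # present, worth a profile check
    return notes

def tlv(tag, body):                        # sample builder, short lengths only
    return bytes([tag, len(body)]) + body

def ext(oid_hex, critical, value):
    crit = tlv(0x01, b"\xff") if critical else b""
    return tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + crit + tlv(0x04, value))

SAMPLE = tlv(0x30, ext("551d0f", True, bytes.fromhex("030205a0"))
    + ext("551d1e", True, tlv(0x30, tlv(0xA0, tlv(0x30, tlv(0x82, b"example.org")))))
    + ext("6086480186f8420101", False, bytes.fromhex("030206c0")))
```

`review(SAMPLE, {KEY_USAGE})` models software without name constraints support and rejects the sample; adding `NAME_CONSTRAINTS` to the set only flags it.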