[caops-wg] Certificate Bridging and the Grid Certificate Profile version 0.21

Scott Rea Scott.Rea at Dartmouth.EDU
Tue Mar 27 13:23:05 CDT 2007


Mike,

Using AKI is definitely recommended for Bridging - it makes it easier to 
discover appropriate paths. The SURA documentation is not advising 
against this; they are in fact recommending that you do use it - but use 
the keyid version rather than the dirname version.
AKI can be populated with multiple values; SURA recommends that you 
simply use the keyid value only, as this works with the bridge and the 
globus software as they have configured it.

Regards,
-Scott

Mike 'Mike' Jones wrote:
>
> Hi folks,
>
> I've just been asked to add an LSU grid certificate to one of our 
> servers. We sometimes do things like this as a special case reading 
> the CP/CPS where available.  However, that's not the point of this email!
>
> Poking around the web for details of the
> "/O=Louisiana State University/OU=CCT/OU=ca.cct.lsu.edu/CN=CCT CA"
> Certificate Authority I came across the SURAgrid bridge CA. In their 
> documentation they advise _against_ using the Authority Key Identifier 
> (for obvious reasons).  The Grid Certificate Profile draft currently
> recommends that AKID be used (table in section 2.4).  Might it be 
> appropriate for us to add a note that by doing this one essentially 
> removes the possibility for joining a bridging scheme such as 
> https://www.pki.virginia.edu/nmi-bridge/ ?
>
> Cheers,
> Mike

-- 
Scott Rea
Director, HEBCA|USHER Operating Authority
Dartmouth Senior PKI Architect
Peter Kiewit Computing Services
Dartmouth College
058 Sudikoff, HB 6238
Hanover, NH 03755

Em: Scott.Rea at Dartmouth.edu
Ph#(603) 646-0968
Ot#(603) 646-9181
Fx#(603) 646-9019
Ce#(603) 252-7339
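
A check for the keyid-only recommendation in the reply above, as an added example that is not part of the original thread: it walks the DER value of an Authority Key Identifier extension (RFC 5280, section 4.2.1.1) and reports which of the keyid, dirname and serial fields it carries. The function names and the sample bytes are constructed for illustration, and extracting the extension value from a certificate is assumed to happen elsewhere.

```python
# Context tags of the AuthorityKeyIdentifier fields inside its SEQUENCE
AKI_FIELDS = {0x80: "keyid", 0xA1: "dirname", 0x82: "serial"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def aki_fields(ext_value):
    """List the AKI fields present in the DER-encoded extension value."""
    tag, body, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("AKI must be a single DER SEQUENCE")
    found, pos = [], 0
    while pos < len(body):
        tag, _, pos = read_tlv(body, pos)
        if tag not in AKI_FIELDS:
            raise ValueError(f"unexpected tag 0x{tag:02x} in AKI")
        found.append(AKI_FIELDS[tag])
    return found

def bridge_friendly(ext_value):
    """True when the AKI carries the key identifier and nothing else."""
    return aki_fields(ext_value) == ["keyid"]

def der(tag, value):
    """Encode one DER element; short length form only, enough for the samples."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

# Constructed samples (not taken from any real CA certificate).
KEYID = der(0x80, bytes(range(20)))
# Name with a single CN attribute (OID 2.5.4.3), wrapped as directoryName [4]
NAME = der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, b"Example CA"))))
DIRNAME = der(0xA1, der(0xA4, NAME))
SERIAL = der(0x82, b"\x01")
AKI_KEYID_ONLY = der(0x30, KEYID)
AKI_WITH_DIRNAME = der(0x30, KEYID + DIRNAME + SERIAL)
```

The dirname and serial fields name one specific issuer certificate, so a cross-certificate issued by a bridge for the same CA key, which has a different issuer and serial, does not match them.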
