[caops-wg] Issues with the Audit Guidelines Document GFD 169

David O'Callaghan david.ocallaghan at cs.tcd.ie
Wed Oct 27 07:44:39 CDT 2010


Hi,

On 27.10.10 13:20, Reimer Karlsen-Masur, DFN-CERT wrote:
> cool, many thanks, I will check the PDF later this week.
> 
> Question to David O'Callaghan: Do you have any additional immediate obvious
> bug fix requests regarding GFD.169 that you wish to resolve now? Or are your
> issues more with the audit spreadsheet available from the eugridpma website?

The only one that springs to mind is:

Section 3.2.1 (5) An RA must validate the association of the certificate
signing request.

I don't understand the requirement (as someone familiar with PKI and as a
native English speaker!), and the audit guidelines document does not
explain, but just repeats it as a question "How does an RA validate the
association of the certificate signing request?"

I think the audit point should clarify the meaning of "the association":

 * Does it mean the association between the subscriber's identity and the CSR?
 * Does it mean the association between the identity vetting performed by
the RA and the CSR?
 * Does it mean the association between the private key and the public key
in the CSR?
 * (or, less likely) Does it mean the subscriber's organization?

This requirement comes from section 3.1 of the Classic AP v4.3, so perhaps
my comment should be directed at that document.

Beyond that, I would need to spend some time to look at the updated document
and my notes from preparing for my EU Grid PMA Self Audit.

Kind regards,

David

-- 
Ánra Taighde - Scoil na hEolaíochta Ríomhaireachta ⁊ na Staitisticí,
 Coláiste na Tríonóide, Baile Átha Cliath 2
Research Fellow - School of Computer Science & Statistics,
 Trinity College, Dublin 2          Guthán / Telephone: +353 1 896 1720
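The third reading listed above (the association between the private key and the public key in the CSR) is the one that has a mechanical check: a PKCS#10 request is self-signed with the private key, so verifying that signature under the public key carried in the request proves possession of the key. The first reading (identity vetting versus CSR) is a comparison of the requested subject against whatever the RA recorded when it vetted the subscriber. The Go program below, added here as an illustration and not taken from this thread, from GFD.169 or from the Classic AP, shows both checks side by side. The VettedIdentity record, the names "Alice Example", "Mallory Example" and "Example Org", the choice of a P-256 key and the byte-level tampering helper are all assumptions made for the example; nothing on the page defines an RA record format.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

// VettedIdentity is a hypothetical RA record of what identity vetting
// established for a subscriber. The page defines no such record; this
// is an assumption for the example.
type VettedIdentity struct {
	CommonName   string
	Organization string
}

// NewSubscriberKey generates the key the subscriber holds. P-256 is an
// arbitrary choice for the example.
func NewSubscriberKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// MakeCSR builds a PKCS#10 request for the given subject, signed with the
// subscriber's private key. That self-signature is the proof of possession
// that ties the private key to the public key inside the request.
func MakeCSR(key *ecdsa.PrivateKey, cn, org string) ([]byte, error) {
	tmpl := &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: cn, Organization: []string{org}},
	}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// TamperSubject simulates a request altered after signing by overwriting
// the first occurrence of old with a same-length replacement in the DER.
// Keeping the length equal leaves the DER length fields valid, so the
// request still parses but the signature no longer covers its contents.
func TamperSubject(der []byte, old, replacement string) ([]byte, error) {
	if len(old) != len(replacement) {
		return nil, errors.New("replacement must have the same length as old")
	}
	if !bytes.Contains(der, []byte(old)) {
		return nil, errors.New("old value not found in DER")
	}
	return bytes.Replace(der, []byte(old), []byte(replacement), 1), nil
}

// ValidateCSR performs the two checks an RA could mean by "validating the
// association" of a CSR: proof of possession of the private key, and that
// the requested subject matches the identity the RA actually vetted.
func ValidateCSR(der []byte, vetted VettedIdentity) error {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return fmt.Errorf("parse: %w", err)
	}
	// Check 1: the self-signature must verify under the public key that
	// the request itself carries (private key <-> public key association).
	if err := csr.CheckSignature(); err != nil {
		return fmt.Errorf("proof of possession failed: %w", err)
	}
	// Check 2: the requested name must be the vetted one
	// (identity vetting <-> CSR association).
	if csr.Subject.CommonName != vetted.CommonName {
		return fmt.Errorf("subject CN %q does not match vetted identity %q",
			csr.Subject.CommonName, vetted.CommonName)
	}
	if len(csr.Subject.Organization) != 1 || csr.Subject.Organization[0] != vetted.Organization {
		return fmt.Errorf("subject O %v does not match vetted organization %q",
			csr.Subject.Organization, vetted.Organization)
	}
	return nil
}

func main() {
	key, err := NewSubscriberKey()
	if err != nil {
		panic(err)
	}
	vetted := VettedIdentity{CommonName: "Alice Example", Organization: "Example Org"}

	der, err := MakeCSR(key, vetted.CommonName, vetted.Organization)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine CSR:  ", ValidateCSR(der, vetted))

	// Subject changed after signing: parses, but proof of possession fails.
	tampered, err := TamperSubject(der, "Alice Example", "Alicf Example")
	if err != nil {
		panic(err)
	}
	fmt.Println("tampered CSR: ", ValidateCSR(tampered, vetted))

	// Correctly signed, but for a name the RA never vetted.
	other, err := MakeCSR(key, "Mallory Example", vetted.Organization)
	if err != nil {
		panic(err)
	}
	fmt.Println("wrong subject:", ValidateCSR(other, vetted))
}
```

Both checks are needed: a valid self-signature says nothing about who the requester is, and a matching subject says nothing about whether the requester controls the key, so an RA that does only one of them has not tied the vetted identity to the key that will end up in the certificate.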

