[caops-wg] Updates to GFD.125 and time line to completion

David Groep davidg at nikhef.nl
Tue Mar 13 16:01:21 EDT 2012 

Dear all,

Following the discussion today on the revision of the Grid Certificate
Profile (GFD.125), I have uploaded the base of the new document to
GridForge onder the CAOPS Working Drafts:

  https://forge.ogf.org/sf/go/doc16402

this version is still very much like the original GFD.125, except for
the following:
- the preamble now mentions it is a "recommendation"
- all references to RFC3280 have been replaced by 5280
- the ambiguity regarding emailAddress ("obsoleted" vs. "depricated")
  for its use in subject names for CAs and EECs has been resolved and
  is now in line with RFC5280
- emailAddress (or Email, or E) now MUST NOT be used in subject or
  issuer DNs

What still needs to be done, and for which your input is much appreciated:
- verify consistency with RFC5280 (following the 3280->5280 change)
- remove references to java version 1.4, and the by-now-dangerous
  recommendation to have the keylength smaller than 4096 (section 4.3).
  We should review the status of small key lengths on eTokens, where
  the maximum might be 4096 bits.

The aim is very much to get the new GFD out quickly as a recommendation
(instead of an information document), so the proposed changes have a
deliberately limited objective: make sure it is consistent and not wrong.
Other experience we may have gathered over the years and which can be
folded in quickly (and without much controversy) is also very
welcome.

The aim is to have a new document approved by the WG and ready for
public comment BEFORE the next OGF35 in Delft. So it must be done
by the end of May this year.

Comments on the list are welcome, and GridForge is always available for
uploads and comments as well.

	Best,
	DavidG.

-- 
David Groep

** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group **
** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4396 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.ogf.org/pipermail/caops-wg/attachments/20120313/90fb9dae/attachment.bin>

More information about the caops-wg mailing list