[caops-wg] document drafts on use of OCSP for IGTF CAs (profiling RFC5019 and relying party guidance)

David Groep davidg at nikhef.nl
Thu Jan 10 10:14:59 EST 2013


Dear all,

When we discussed the move to actual OCSP deployment for (large numbers of)
IGTF CAs last year during OGF, we came up with the idea of writing
two documents to facilitate this deployment:

* guidelines for IGTF CAs on how to quickly (and correctly) deploy
  authoritative OCSP responders, which profile to choose, and how
  to generate it. Based on RFC5019 'light-weight' OCSP, but then
  with some documents and tooling to actually know what to do

* a guide for relying parties (and software coders) on how to set up their
  software and site to make use of OCSP services without causing an effective
  DDoS against the CAs.

We had foreseen a discussion in Rome on progressing the OCSP effort, and we
now face the sad duty of having to do that without Milan's guidance.
At least we should try and make some progress, relying on good examples and
hopefully leveraging some of Scott's knowledge on 'real world' deployment.

It is also a topic for which the documents can be partly IGTF
(where they concern policy and operations), and partly OGF CAOPS-WG
(where they concern profiling and standards).

I've made a basic and simple start with two Wiki pages:

 http://wiki.eugridpma.org/Main/OCSPDeploymentGuidelines
 http://wiki.eugridpma.org/Main/OCSPProfileForIGTFCAs

one for each document. I propose we review these during the Monday
session next week. Those in CAOPS who want to join at this stage,
you're welcome any time -- the meeting will have video connectivity
open for these discussions (hoping the video works). It will definitely
also be a topic for OGF in Charlottesville.

Details of the video conf will be at

 <https://www.eugridpma.org/meetings/2013-01/#video>

	Best regards,
	DavidG.

-- 
David Groep

** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group **
** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

