Presentation is loading. Please wait.

Presentation is loading. Please wait.

14 th EUGridPMA October 6-8, 2008 Lisbon. 3 rd TAGPMA ‘Austin’ meeting – Nov 2006 - 2 David Groep – CRL NEXT UPDATE.

Similar presentations


Presentation on theme: "14 th EUGridPMA October 6-8, 2008 Lisbon. 3 rd TAGPMA ‘Austin’ meeting – Nov 2006 - 2 David Groep – CRL NEXT UPDATE."— Presentation transcript:

1 14 th EUGridPMA October 6-8, 2008 Lisbon

2 3 rd TAGPMA ‘Austin’ meeting – Nov David Groep – CRL NEXT UPDATE

3 3 rd TAGPMA ‘Austin’ meeting – Nov David Groep – CRL Facts d /C=SG/O=Netrust Certificate Authority 1/OU=Netrust CA d879c6c /DC=ch/DC=cern/CN=CERN Trusted Certification Authority b59ecad /DC=cz/DC=cesnet-ca/CN=CESNET CA cc800af0 /C=HU/O=NIIF/OU=Certificate Authorities/CN=NIIF Root CA eebc7717 /C=CH/O=Switch -.../CN=SWITCH Server CA d3d1a0 /C=CH/O=Switch -.../CN=SWITCH Personal CA b95bbf2 /C=US/O=National Center for S.A./OU=Certificate Authorities/CN=CACL b9ba /C=TR/O=TRGrid/CN=TR-Grid CA a3f3 /DC=bg/DC=acad/CN=BG.ACAD CA d72 /C=RU/O=RDIG/CN=Russian Data-Intensive Grid CA aa0ecb /C=BE/O=BELNET/OU=BEGrid/CN=BEGrid a58577 /C=GR/O=HellasGrid/OU=Certification A.../CN=HellasGrid Root CA d254cc30 /DC=ch/DC=cern/CN=CERN Root CA bf40f /C=EE/O=Grid/CN=Estonian Grid Certification Authority cf4ba8c8 /C=FR/O=CNRS/CN=CNRS d0b701c0 /C=CH/O=Switch -.../CN=SWITCHgrid Root CA ef0ee5 /C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root

4 3 rd TAGPMA ‘Austin’ meeting – Nov David Groep – Classic Profile  Validity between 7 and 30 days  7 day CRLs implies continuous issuance

5 3 rd TAGPMA ‘Austin’ meeting – Nov David Groep – SLCS Profile  Validity between 3 days and ∞

6 3 rd TAGPMA ‘Austin’ meeting – Nov David Groep – Issues seen  Netrust CRL of 1 day triggers many warnings  PMA warnings of actual invalidity are common  Unavailability fo CRL is on average 20% at any time  The CERN TCA CRL of 2 days hardly causes any actual problems  A warning once every few months  The CESNET CRL of 7 days causes no problems  Manual 30 day CRLs give incidental problems

7 3 rd TAGPMA ‘Austin’ meeting – Nov David Groep – Proposal  Harmonize period between SLCS and Classic AP  at least 3 days before expiration  Only for on-line auto-generated CRLs  Manually generated CRLs and CRLs for off-line CAs stay at 7 days  Max life time for Classis AP stays at 30 days for issuing CAs


Download ppt "14 th EUGridPMA October 6-8, 2008 Lisbon. 3 rd TAGPMA ‘Austin’ meeting – Nov 2006 - 2 David Groep – CRL NEXT UPDATE."

Similar presentations


Ads by Google