Presentation is loading. Please wait.

Presentation is loading. Please wait.

Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Nov 7 nd, 2008.

Published byAlban Dorsey Modified over 8 years ago

Similar presentations

Presentation on theme: "Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Nov 7 nd, 2008."— Presentation transcript:

1 Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Nov 7 nd, 2008

2 3 rd TAGPMA ‘Austin’ meeting – Nov 2006 - 2 David Groep – davidg@eugridpma.org Updates  Propose to change the Classic AP  Improved wording  RobotReady™  Accommodate GFD.125  Better CRL handling  Realistic re-keying  See also http://www.eugridpma.org/guidelines/ IGTF-AP-classis-difference-4-1-to-4-2.pdf

3 3 rd TAGPMA ‘Austin’ meeting – Nov 2006 - 3 David Groep – davidg@eugridpma.org Identity vetting rules  Updates to better reflect existence of robot certificates

4 3 rd TAGPMA ‘Austin’ meeting – Nov 2006 - 4 David Groep – davidg@eugridpma.org Wording improvements on CA/RA  New wording to accommodate CP/CPS-es with a secure but novel method for securing CA-RA communications  Updates on the rekeying and renewal section  Better wording and expression of intent

5 3 rd TAGPMA ‘Austin’ meeting – Nov 2006 - 5 David Groep – davidg@eugridpma.org The CA issuing system  Improved wording on issuing system

6 3 rd TAGPMA ‘Austin’ meeting – Nov 2006 - 6 David Groep – davidg@eugridpma.org Certificate Profile – GFD.125 cleanup  Cleanup after accepting GFD.125

7 3 rd TAGPMA ‘Austin’ meeting – Nov 2006 - 7 David Groep – davidg@eugridpma.org Certificate Profile - OIDs  New text makes it explicit that the OID of the profile MUST be included in the certificates issued under this profile  Also, add relevant 1SCP OID This will enable relying parties to make judgements based on the OIDs … and will get us out of the chicken-and-egg mess

8 3 rd TAGPMA ‘Austin’ meeting – Nov 2006 - 8 David Groep – davidg@eugridpma.org Revocation  Accommodate on-line CAs that can auto-reissue a CRL frequently, and make up for too-short CRLs

9 3 rd TAGPMA ‘Austin’ meeting – Nov 2006 - 9 David Groep – davidg@eugridpma.org Subscriber due diligence  Improved wording

10 3 rd TAGPMA ‘Austin’ meeting – Nov 2006 - 10 David Groep – davidg@eugridpma.org Implementation  EUGridPMA has standing guidelines to implement changes in the profile within 6 mo  Please have a look at these proposed changes

11

Download ppt "Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Nov 7 nd, 2008."

Similar presentations

© 2007 Open Grid Forum CAOPS-WG Christos Kanellopoulos - Yoshio Tanaka Security Area coordination & outreach OGF25, Catania March 2 nd – 3 rd, 2009.

© 2007 Open Grid Forum CAOPS-WG Christos Kanellopoulos - Yoshio Tanaka Security Area coordination & outreach OGF25, Catania March 2 nd – 3 rd, 2009.
RPKI Certificate Policy Status Update Stephen Kent.

RPKI Certificate Policy Status Update Stephen Kent.
14 th EUGridPMA October 6-8, 2008 Lisbon. 3 rd TAGPMA ‘Austin’ meeting – Nov 2006 - 2 David Groep – CRL NEXT UPDATE.

14 th EUGridPMA October 6-8, 2008 Lisbon. 3 rd TAGPMA ‘Austin’ meeting – Nov David Groep – CRL NEXT UPDATE.
Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009.

Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.

1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.
CVE-2008-0166, lessons learned and actions David Groep, Nov 7 nd, 2008.

CVE , lessons learned and actions David Groep, Nov 7 nd, 2008.
Updates from the EUGridPMA David Groep, Oct 11 th, 2011.

Updates from the EUGridPMA David Groep, Oct 11 th, 2011.
Updates from the EUGridPMA David Groep, Apr 8 nd, 2008.

Updates from the EUGridPMA David Groep, Apr 8 nd, 2008.
Trusted Systems Laboratory Hewlett-Packard Laboratories Bristol, UK InfraSec 2002 InfraSec 2002 Bristol, 01-03 October 2002 Marco Casassa Mont Richard.

Trusted Systems Laboratory Hewlett-Packard Laboratories Bristol, UK InfraSec 2002 InfraSec 2002 Bristol, October 2002 Marco Casassa Mont Richard.
IOTA Questions for RPs Sept 9, 2013 Bucharest, Romania.

IOTA Questions for RPs Sept 9, 2013 Bucharest, Romania.
LiveAP Towards Differentiated Identity Assurance David Groep, Nikhef supported by the Netherlands e-Infrastructure SURFsara, and EGI.eu O-E-15 and EGI-InSPIRE.

LiveAP Towards Differentiated Identity Assurance David Groep, Nikhef supported by the Netherlands e-Infrastructure SURFsara, and EGI.eu O-E-15 and EGI-InSPIRE.
Large-scale issuing of host certs in a member-integrated or institutional CA environment.

Large-scale issuing of host certs in a member-integrated or institutional CA environment.
The CA Distribution Process David Groep, July 2007.

The CA Distribution Process David Groep, July 2007.
March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.

March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.
NECTEC-GOC CA Self Audit 7 th APGrid PMA Face-to-Face meeting March 8 th, 2010 Large-Scale Simulation Research Laboratory Sornthep Vannarat Large-Scale.

NECTEC-GOC CA Self Audit 7 th APGrid PMA Face-to-Face meeting March 8 th, 2010 Large-Scale Simulation Research Laboratory Sornthep Vannarat Large-Scale.
Revocation in MICS §4.4 May 11-13, 2009 Zürich, Switzerland.

Revocation in MICS §4.4 May 11-13, 2009 Zürich, Switzerland.

Similar presentations

Ads by Google