ATFDOEGGCP < Projects < TWiki

https://projects.es.net/wiki/bin/view/Projects/ATFDOEGGCP

Projects.ATFDOEGGCP r1.3 - 26 Mar 2009 - 16:37 - MikeHelm
Upgrading DOEGrids client (EE) certificate profile

Objectives:

* Flexibility
* X.509 Classic profile compliance
* Strong GCD.125 compliance

Rank=0 means, this is the current state (included for convenience).

| Attribute | Critical? | Value | Works? | Rank |
|---|---|---|---|---|
| BasicConstraints | critical | CA=false | y, but side effect adds pathlenconstraint | 1 5 |
| BasicConstraints | critical | pathLenConstraint absent | no - cannot remove from 7.1; will experiment with 7.3 | 1 5 |
| certificatePolicies | no | CP-CPS + X.509Classic + 1SCP-TTP | y | 1 |
| certificatePolicies person | no | CP-CPS + X.509Classic + 1SCP-TTP | | 1 |
| certificatePolicies server | no | CP-CPS + X.509Classic | | 5 |
| certificatePolicies person + h/w token | no | CP-CPS + X.509Classic + 1SCP-SecureToken | | 5 |
| KeyUsage | critical | nonRepudiation = drop | y | 1 |
| KeyUsage | critical | KeyEncipherment | y | 0 |
| KeyUsage | critical | DataEncipherment | | 2 |
| extendedKeyUsage person | no | clientAuth | | 3 |
| extendedKeyUsage server | no | serverAuth | | 3 |
| nsCertType person | no | SSL Client, Secure Email (SMIME) | y | 0 |
| nsCertType server | no | SSL Client, SSL Server | y | 0 |
| nsCertType | no | drop | | 4 |
| AuthorityInfoAccess | no | id-ad-caIssuers | | 5 |
| certificatePolicies.userNotice.explicitText | no | RequestID ? | Requires development effort | 5 |
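The following is an added example, not DOEGrids or ESnet code: a checker, written with the Python `cryptography` package, that reports which of the table's proposed (rank > 0) changes a certificate does not yet meet. It covers only the BasicConstraints, KeyUsage, extendedKeyUsage and nsCertType rows, because the policy OIDs and the AuthorityInfoAccess URL are not given on this page. The function names, the constructed test certificate and its `digital_signature=True` bit are assumptions, as is the choice of one EKU per certificate type, which the page leaves open.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtendedKeyUsageOID as EKU, ExtensionOID, NameOID

NS_CERT_TYPE = x509.ObjectIdentifier("2.16.840.1.113730.1.1")  # Netscape nsCertType

def make_cert(non_repudiation, ns_cert_type, eku=None):
    """Constructed self-signed test cert; subject name and dates are made up."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Person 0000")])
    start = datetime.datetime(2009, 3, 26)
    usage = x509.KeyUsage(  # digital_signature=True is an assumption, not in the table
        digital_signature=True, content_commitment=non_repudiation,
        key_encipherment=True, data_encipherment=False, key_agreement=False,
        key_cert_sign=False, crl_sign=False, encipher_only=False, decipher_only=False)
    b = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
         .public_key(key.public_key()).serial_number(1)
         .not_valid_before(start).not_valid_after(start + datetime.timedelta(days=365))
         .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
         .add_extension(usage, critical=True))
    if ns_cert_type:  # DER BIT STRING with the SSL Client and S/MIME bits set
        b = b.add_extension(
            x509.UnrecognizedExtension(NS_CERT_TYPE, b"\x03\x02\x05\xa0"), critical=False)
    if eku is not None:
        b = b.add_extension(x509.ExtendedKeyUsage([eku]), critical=False)
    return b.sign(key, hashes.SHA256())

def _ext(cert, oid):
    return next((e for e in cert.extensions if e.oid == oid), None)

def profile_gaps(cert, kind):
    """List the table's proposed (rank > 0) changes that cert does not yet meet."""
    gaps = []
    bc = _ext(cert, ExtensionOID.BASIC_CONSTRAINTS)
    if not (bc and bc.critical and not bc.value.ca and bc.value.path_length is None):
        gaps.append("BasicConstraints: critical, CA=false, pathLenConstraint absent")
    ku = _ext(cert, ExtensionOID.KEY_USAGE)
    if not (ku and ku.critical) or ku.value.content_commitment:
        gaps.append("KeyUsage: critical, nonRepudiation dropped")
    label, want = {"person": ("clientAuth", EKU.CLIENT_AUTH),
                   "server": ("serverAuth", EKU.SERVER_AUTH)}[kind]
    eku = _ext(cert, ExtensionOID.EXTENDED_KEY_USAGE)
    if not (eku and not eku.critical and want in eku.value):
        gaps.append("extendedKeyUsage %s: %s" % (kind, label))
    if _ext(cert, NS_CERT_TYPE):
        gaps.append("nsCertType: drop")
    return gaps
```

`content_commitment` is the `cryptography` name for the nonRepudiation bit.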

Issues

* PathLenConstraint?
* What EKU to use? Does everyone get both clientAuth and serverAuth, or by cert type?
* What are the correct attributes for S/MIME and client cert auth?
* Does GridAdmin & scripting trigger the correct profile use in the CA?
* Renewal/replacement must select proper mix of cert attributes

-- MikeHelm - 19 Mar 2009
