Scribd Logo
Importer

Bienvenue sur Scribd !

  • Projects: Edit Attach Printable

    Transféré par

    api-14194384
    50 vues3 pages
    DOEGrids client (EE) certificate profile Objectives: Flexibility X.509 Classic profile compliance Strong GCD.125 compliance Rank=0 means, this is the current state (included for convenience) What are the correct attributes for S / MIME and client cert auth? Does GridAdmin? and scripting trigger the correct profile use in the CA?

    Description originale:

    Titre original

    null

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formats disponibles

    PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    DOEGrids client (EE) certificate profile Objectives: Flexibility X.509 Classic profile compliance Strong GCD.125 compliance Rank=0 means, this is the current state (included for convenience) What are the correct attributes for S / MIME and client cert auth? Does GridAdmin? and scripting trigger the correct profile use in the CA?

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    50 vues3 pages

    Projects: Edit Attach Printable

    Transféré par

    api-14194384
    DOEGrids client (EE) certificate profile Objectives: Flexibility X.509 Classic profile compliance Strong GCD.125 compliance Rank=0 means, this is the current state (included for convenience) What are the correct attributes for S / MIME and client cert auth? Does GridAdmin? and scripting trigger the correct profile use in the CA?

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 3

    ATFDOEGGCP < Projects < TWiki https://projects.es.

    net/wiki/bin/view/Projects/ATFDOEGGCP

    Jump:

    Projects Edit Attach Printable Projects.ATFDOEGGCP r1.3 - 26 Mar 2009 - 16:37 -


    MikeHelm topic end
    *Home

    Changes
    Index
    Search

    Webs
    Administration
    Compliance
    Main
    Projects
    Property
    Sandbox
    StratDocs
    TGL
    TWiki

    My links
    My home page
    ?

    edit

    1 of 3 3/26/2009 4:39 PM
    ATFDOEGGCP < Projects < TWiki https://projects.es.net/wiki/bin/view/Projects/ATFDOEGGCP

    Upgrading DOEGrids client (EE) certificate profile

    Objectives:
    Flexibility
    X.509 Classic profile compliance
    Strong GCD.125 compliance

    Rank=0 means, this is the current state (included for convenience).

    Attribute Critical? Value Works? Rank


    y, but side effect
    BasicConstraints critical CA=false adds 15
    pathlenconstraint
    no - cannot
    pathLenConstraint remove from 7.1;
    BasicConstraints critical 15
    absent will experiment
    with 7.3
    CP-CPS +
    certificatePolicies no X.509Classic + y 1
    1SCP-TTP
    CP-CPS +
    certificatePolicies person no X.509Classic + 1
    1SCP-TTP
    CP-CPS +
    certificatePolicies server no 5
    X.509Classic
    CP-CPS +
    certificatePolicies person + h/w token no X.509Classic + 5
    1SCP-SecureToken
    nonRepudiation =
    KeyUsage critical y 1
    drop
    KeyUsage critical KeyEncipherment y 0
    KeyUsage critical DataEncipherment 2
    extendedKeyUsage person no clientAuth 3
    extendedKeyUsage server no serverAuth 3
    SSL Client, Secure
    nsCertType person no y 0
    Email (SMIME)
    SSL Client, SSL
    nsCertType server no y 0
    Server
    nsCertType no drop 4
    AuthorityInfoAccess no id-ad-caIssuers 5
    Requires
    certificatePolicies.userNotice.explicitText no RequestID? 5
    development effort

    Issues
    PathLenConstraint?
    What EKU to use? Does everyone get both clientAuth and serverAuth, or by cert type?
    What are the correct attributes for S/MIME and client cert auth?
    Does GridAdmin? & scripting trigger the correct profile use in the CA?
    Renewal/replacement must select proper mix of cert attributes

    -- MikeHelm - 19 Mar 2009


    to top

    Edit | Attach image or document | Printable version | Raw text | More topic actions
    Revisions: | r1.3 | > | r1.2 | > | r1.1 | Total page history | Backlinks

    You are here: Projects > ATF > ATFPROJ > ATFDGCPS > ATFDOEGCPSDox > ATFDOEGGCP

    2 of 3 3/26/2009 4:39 PM
    ATFDOEGGCP < Projects < TWiki https://projects.es.net/wiki/bin/view/Projects/ATFDOEGGCP

    to top

    Copyright © 1999-2009 by the contributing authors. All material on this collaboration platform is the property of
    the contributing authors.
    Ideas, requests, problems regarding TWiki? Send feedback

    3 of 3 3/26/2009 4:39 PM

    Vous aimerez peut-être aussi