I second Charles here. These is a definite need for a method for
users to get bootstrapped with X.509 certificates without the whole
overhead of a PKI.
We are probably to the point where a MyProxy on-line CA could do
this better than SimpleCA (IMHO), but there is some documentation
required.
Von
Charles Bacon wrote:
On Jul 23, 2008, at 8:37 AM, Alan Sill wrote:
These observations are correct. For any extended (i.e., non-test)
grid with any intention to operate in a CA an accredited manner,
however, the use of SimpleCA would not be recommended in any case.
Personally, I wish the Globus team would de-emphasize its inclusion of
SimpleCA and decouple it from the Globus documentation.
If you can recommend an alternative that would get new users up and
running in a demo environment, I would love to hear about it. The
problem, to me, looks like a trade-off between users being turned off
because they cannot get the software up and running to play with it and
the problems users face when deciding to stop using simpleCA and use a
real CA. I would much rather get people up and running as quickly as
possible than have them decide not to try it at all because they do not
know how to pick a CA to use or similar problems.
If you look outside of the quickstart, I don't think we mention SimpleCA
very much at all.
Charles
Alan
On Jul 22, 2008, at 3:53 PM, Joel Schneider wrote:
The following documents contain additional information relevant to this
topic:
http://www.ogf.org/documents/GFD.125.pdf
http://www.eurogrid.org/ca/eurogrid-ca-policy.pdf
The EUROGRID document describes steps taken in November 2002 to
discontinue usage of the "nsCertType" extension, and the OGF document
specifies a policy that hash algorithms with known weaknesses, such as
MD5, must not be used in new certificates.
Alan Sill, Ph.D
TIGRE Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics
TTU
====================================================================
: Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
: e-mail: [EMAIL PROTECTED] ph. 806-742-4350 fax 806-742-4358 :
====================================================================
