1 / 11

Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th , 2009

Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th , 2009. Updates. Propose to change the Classic AP Improved wording RobotReady ™ Accommodate GFD.125 Better CRL handling Realistic re-keying

bonnie
Télécharger la présentation

Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th , 2009

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Classic X.509 secured profile version 4.2Proposed ChangesDavid Groep, Apr 20th, 2009

  2. Updates • Propose to change the Classic AP • Improved wording • RobotReady™ • Accommodate GFD.125 • Better CRL handling • Realistic re-keying • See also http://www.eugridpma.org/guidelines/ IGTF-AP-classis-difference-4-1-to-4-2.pdf [sic] 2009 APGridPMA meeting - Classic Profile Changes v4.2

  3. Identity vetting rules Updates to better reflect existence of robot certificates And put down the (formerly implicit) documentation expectation on identity 2009 APGridPMA meeting - Classic Profile Changes v4.2

  4. Wording improvements on CA/RA • New wording to accommodate CP/CPS-es with a secure but novel method for securing CA-RA communications • Updates on the rekeying and renewal section • Better wording and expression of intent 2009 APGridPMA meeting - Classic Profile Changes v4.2

  5. The CA issuing system Improved wording on issuing system 2009 APGridPMA meeting - Classic Profile Changes v4.2

  6. Certificate Profile – GFD.125 cleanup Cleanup after accepting GFD.125 2009 APGridPMA meeting - Classic Profile Changes v4.2

  7. Certificate Profile - OIDs New text makes it explicit that the OID of the profile MUST be included in the certificates issued under this profile Also, add relevant 1SCP OID This will enable relying parties to make judgements based on the OIDs … and will get us out of the chicken-and-egg mess 2009 APGridPMA meeting - Classic Profile Changes v4.2

  8. Revocation Accommodate on-line CAs that can auto-reissue a CRL frequently, and make up for too-short CRLs 2009 APGridPMA meeting - Classic Profile Changes v4.2

  9. Subscriber due diligence Improved wording 2009 APGridPMA meeting - Classic Profile Changes v4.2

  10. Implementation • EUGridPMA has standing guidelines to implement changes in the profile within 6 mo • Can you live with them? • We’re still short of the associated 1SCPs • Entity descriptions (person, robot, host/service) • Private key protection other than secure token • Robot Certificate profile set 2009 APGridPMA meeting - Classic Profile Changes v4.2

More Related