Download
tacar updates version 1 4 3 david groep nikhef n.
Skip this Video
Loading SlideShow in 5 Seconds..
TACAR Updates version 1.4.3 David Groep, NIKHEF PowerPoint Presentation
Download Presentation
TACAR Updates version 1.4.3 David Groep, NIKHEF

TACAR Updates version 1.4.3 David Groep, NIKHEF

110 Vues Download Presentation
Télécharger la présentation

TACAR Updates version 1.4.3 David Groep, NIKHEF

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. TACAR Updatesversion 1.4.3David Groep, NIKHEF

  2. TACAR Aims • Trusted and Centralized place for obtaining CA root certificates • for download by users for use in browsers, mailers &c • for validation of roots obtained by other means • Not meant for policy validation • no minimum policy or technical requirements to get in • but CAs can be grouped (i.e. by IGTF AuthN Profile) • Focus on validation of the organisation that submits the root certificate(s)

  3. TACAR Repository Function

  4. TACAR immediate role for the IGTF • Authentic source of the trust anchors that go into the other distribution formats • helps those constructing the distribution … • Independent check for IGTF re-distributors • although still not all CAs are in TACAR …

  5. Getting into it • Has been perceived “too slow”, or “impractical” • previously, a F2F meeting with a TERENA Officer (Licia) was required • is about to change … see next slides • has been perceived as “difficult”, or “too much work” • there is indeed paperwork to be done • that brings added value as an independent validation point • New policy to address some of these concerns

  6. Paperwork required • Prepare a CD-ROM with • your root certificate • CP and/or CPS documents (PDF format) • Copy of Registration Letter • list of the root certificates and meta-data • name &c of the CA organisation • name of the CA representative • Copy of Accreditation Letter • list of administrators and managers allowed to make updates to TACAR for that CA • A Direct Responsible Person as an ultimate SoA • Paper versions of the Registration and Accreditation Letter • If you want to update this data electronically • PGP keys, cross signed with the TACAR representative • PGP signed versions of all of the above

  7. New in v1.4.3: Trusted Introducers • Formerly all this had to be done with a TERENA Officer • Now, you can do it with a Trusted Introducer as well • appointed by the TACAR Community • one per CA coordinating body/organisation • that regularly meets CA representatives • TI then has to do all the work with Licia afterwards

  8. Implementation • Policy v1.4.3 has been discussed extensively • Latest draft 22 Nov 2006 • No comments received on TF-EMC2 after that • with EUGridPMA acceptance, majority of TACAR Community will have agreed  • Will hopefully get everyone into TACAR this time …