[AG-TECH] certs/policy and testing (fwd)
Justin Binns
binns at mcs.anl.gov
Wed Jul 9 08:56:50 CDT 2003
This brings up an interesting issue - we've all along said that part of
what's good about AG2 is that each installation gets to decide which CAs
they trust, and which they don't. But in practical terms, we distribute
two valid CA's with the distribution, and we may want to add more in the
future. But we can't just add a CA for someone who's already installed
the software (obviously). I suggest we have a new area on the website
that is a list of CA's that we know and like. We can have their signing
policies and CA certs, and people can go download and install them into
their node installations (of course, this hinges on cert management that
is workable, or very clear and concise directions for adding CA certs to
windows/linux AGTk2 installs). This'd make it easier to distribute
updated CA certs, add new CA's, and even post notices about CAs we no
longer like (for some reason, like the CA private key got compromised or
some such).
Justin
---------- Forwarded message ----------
Date: Wed, 09 Jul 2003 07:07:31 -0500
From: Robert Olson <olson at mcs.anl.gov>
To: "Osland, CD (Chris) " <C.D.Osland at rl.ac.uk>,
'Lewis Grantham' <reavlew at ucl.ac.uk>,
"Boyd, DRS (David)" <D.R.S.Boyd at rl.ac.uk>,
"Mills, AB (Alistair) " <A.B.Mills at rl.ac.uk>,
"Hill, NM (Nick) " <N.M.Hill at rl.ac.uk>,
"Sansum, RA (Andrew) " <A.Sansum at rl.ac.uk>
Cc: "'ag-tech at mcs.anl.gov'" <ag-tech at mcs.anl.gov>
Subject: RE: [AG-TECH] certs/policy and testing
Yes, that would be good. If you send us (at ag-mcs at mcs.anl.gov) the CA cert
and signing policy we'll add it.
--bob
At 11:56 AM 7/9/2003 +0100, Osland, CD (Chris) wrote:
> >From the minimal amount I know about this, and from questions I have
>been asked, it would seem eminently sensible for existing UK
>e-Science certificates to be recognized and accepted by the
>worldwide AG community - and so used for AG 2.0. However, knowing
>so little I have copied this to various people at RAL in e-Science
>hoping they will comment, through me if they can't access ag-tech
>mailing list themselves.
>
>Cheers
>
>Chris
>
>____________________________________________________________________
>Chris Osland Office tel: +44
>(0) 1235 446565
>Digital Media and Access Grid Medialab tel: +44 (0)
>1235 446459
>BIT Department Access Grid room tel: +44
>(0) 1235 445666
>e-mail: C.D.Osland at rl.ac.uk Fax: +44
>(0) 1235 445597
>CLRC Rutherford Appleton Laboratory (Bldg. R18)
>Chilton, DIDCOT, Oxon OX11 0QX, UK
>[The contents of this email are confidential and are for the use of the
>intended recipient only.
>If you are not the intended recipient do not take any action on it or show
>it to anyone else,
>but return this email to the sender and delete your copy of it.]
>
>
>
>
>
> > -----Original Message-----
> > From: Lewis Grantham [mailto:reavlew at ucl.ac.uk]
> > Sent: 09 July 2003 11:25
> > To: ag-tech at mcs.anl.gov
> > Subject: [AG-TECH] certs/policy and testing
> >
> >
> > Hi AGTech
> >
> > is there any interest in importing the UK E-Science CA and
> > policy into the
> > default venue server to allow us to join the test sessions?
> >
> > We are having trouble running our own Venue Server under
> > AG2.0final, so we have
> > little to connect too, or try out. Since globus is set up on
> > UK E-Science
> > certificates here, I can't join the test sessions at all
> > using the client
> > modules.
> >
> > thanks for any info in this respect
> >
> > lewis
> >
> > --
> > ......................................................
> > Lewis Grantham LLB MSc
> > Project Leader, Multimedia Unit
> > Media Resources, UCL (University College London)
> > Windeyer Building, Cleveland Street, London W1P 6DB
> >
> > Tel: (+44) 020 7679 9258 Fax: (+44) 020 7580 0995
> > URL: http://www.ucl.ac.uk/mediares/mmedia
> >
More information about the ag-dev
mailing list