[AG-TECH] trusted authorities?

Ivan R. Judson judson at mcs.anl.gov
Wed Aug 6 10:45:04 CDT 2003 

Hey Mike,

We're currently discussing all of these questions and haven't come to many
complete conclusions, but let me elaborate on our thoughts. Perhaps you (and
others) have feedback for us that will help.

In AGTk 2.1 (which unfortunately you can't see very clearly yet), we're
including certificate management software. The plan is for this software to
easily import and export both identity and CA certificates. Bob and I were
discussing the CA cert question and I think we both lean towards having the
Cert Mgmt software check a configurable repository(ies?) for CA certificates
that the user can browse and import at their discretion.

This avoids having to distribute any CA certs other than our own, which
means we can avoid the policy questions about how we trust CA certs, which
ones we include, what the process for submitting CA certs for review is,
etc.

Does that make sense?

--Ivan

> -----Original Message-----
> From: owner-ag-tech at mcs.anl.gov 
> [mailto:owner-ag-tech at mcs.anl.gov] On Behalf Of Michael Daw
> Sent: Wednesday, August 06, 2003 10:17 AM
> To: Ti Leggett
> Cc: AG Tech
> Subject: RE: [AG-TECH] trusted authorities?
> 
> 
> The obvious next question is, will you ship it with the 
> software (say AG2.1)? If not, why not, and what can we do so 
> that you will (if anything)?
> 
> -----Original Message-----
> From: owner-ag-tech at mcs.anl.gov [mailto:owner-ag-tech at mcs.anl.gov]On
> Behalf Of Ti Leggett
> Sent: 06 August 2003 14:27
> To: Michael Daw
> Cc: Jennifer Teig von Hoffman; AG Tech
> Subject: RE: [AG-TECH] trusted authorities?
> 
> 
> The UK e-Science CA is trusted on the TVS but we don't ship 
> it with the software at this time.
> 
> On Wed, 2003-08-06 at 03:18, Michael Daw wrote:
> > I thought the UK e-Science CA was trusted too...?
> >
> >
> http://agmailarchivers.ncsa.uiuc.edu/cgi-bin/agmailarchivers/v
iewmsg.pl?type
> =MAIL&&archive=AGTECH&&username=ANONYMOUS&&msgid=5302
>
> > -----Original Message-----
> > From: owner-ag-tech at mcs.anl.gov [mailto:owner-ag-tech at mcs.anl.gov]On
> > Behalf Of Ti Leggett
> > Sent: 05 August 2003 21:07
> > To: Jennifer Teig von Hoffman
> > Cc: 'ag-tech at mcs.anl.gov'
> > Subject: Re: [AG-TECH] trusted authorities?
> >
> >
> > Right now there are only two authorities trusted the AG CA and the 
> > Globus CA (which is going away in the future). On Tue, 2003-08-05 at 
> > 14:38, Jennifer Teig von Hoffman wrote:
> > > Howdy,
> > >
> > > Could somebody tell me whether the Alliance CA is trusted by
> > the TVS? I've got a user here who's got an Alliance cert he might 
> > like to use.
> > >
> > > And in general, how does one go about finding out what CAs are
> > trusted by a given server? Are there security issues here one should 
> > be aware of before giving out this information about a server 
> > they're running?
> > >
> > > - Jennifer
> > >
> > >
> >
> >
>

More information about the ag-tech mailing list