[AG-TECH] room node certificates

Ivan R. Judson judson at mcs.anl.gov
Mon Sep 29 11:22:31 CDT 2003


Yes, each individual who uses the AG should have their own certificate; the
certificate request tools in the new software make this simple.

> -----Original Message-----
> From: Allan Spale [mailto:aspale at evl.uic.edu] 
> Sent: Monday, September 29, 2003 11:00 AM
> To: Ivan R. Judson
> Cc: 'Frank Sweetser'; ag-tech at mcs.anl.gov
> Subject: RE: [AG-TECH] room node certificates
> 
> 
> Ivan,
> 
> From a node operator perspective, is it recommended for each 
> node operator to have his/her own certificate in order to use 
> the AG?  If so, how would you go about doing that?
> 
> Thanks.
> 
> 
> Allan
> EVL at UIC
> Research Assistant
> 
> On Mon, 29 Sep 2003, Ivan R. Judson wrote:
> 
> > 
> > Hi Frank,
> > 
> > Yes there are. Here's our policy on signing certs:
> > 
> > 1) CNs need to be a real person's name, not a node name, cryptic 
> > string, or the login that's part of the email
> > 2) We don't have service certs yet, so those shouldn't be in the CN
> > 3) We don't sign certs that come from users with unverifiable email 
> > addresses (hotmail, yahoo, earthlink, etc) unless the recipient is 
> > known out of band of the request and can be vouched for.
> > 
> > So, #2 is the point that you're making -- since we don't have service
> > certs, the only valid thing in a CN right now is a name, where name
> > should be "<first name> <optional middle initial or name> <last
> > name>".
> > 
> > We somehow have had certificates slip through that don't follow these
> > policies, but we'll be working on converting them to real identity
> > certificates. The logic behind this policy is pretty simple: identity
> > certs identify individuals, therefore should have an individual's name
> > as the CN.
> > 
> > --Ivan
> > 
> > > -----Original Message-----
> > > From: owner-ag-tech at mcs.anl.gov
> > > [mailto:owner-ag-tech at mcs.anl.gov] On Behalf Of Frank Sweetser
> > > Sent: Monday, September 29, 2003 10:08 AM
> > > To: ag-tech at mcs.anl.gov
> > > Subject: [AG-TECH] room node certificates
> > > 
> > > 
> > > I've noticed that a fair number of sites are appearing with
> > > certificates identifying the site, rather than the individual 
> > > operator.  Are there any guidelines for requesting and using 
> > > site certs (i.e., for "WPI" rather than "Frank Sweetser")?
> > > 
> > > --
> > > Frank Sweetser fs at wpi.edu
> > > WPI Network Engineer
> > > 
> > 
> 



