[AG-TECH] Re: Certificates

Christoph Willing willing at itee.uq.edu.au
Sun Aug 7 22:10:51 CDT 2005 

On 08/08/2005, at 12:19 PM, Peter DeSantis wrote:

> So what can you do with a normal certicificate that you cant do with a 
> anonymous one.

You can enter a room for which entry is restricted to specific identity 
certificates


>
> Aside from the physical login restrictions at the users end, what is a 
> security certificate for and do you need it to access rooms

As above, you may need it to access _some_ rooms. This isn't widely 
used AFAIK, but you could imagine that for some meetings (medical, 
government etc.), you wouldn't want anyone to just drop in.

chris


>
> Peter
>
>
> Hi Vic:
>
> See comments inline...
>
> Victor Babson wrote:
>> Hey Ivan,
>>
>> Thanks for the response. Stay outta this. It's `tween me and Tom! :)
>>
>> Seriously, I did make a note in my documentation that turn around 
>> time is
>> usually within a few hours but will take longer if requested during 
>> the
>> weekend. Even so, if I didn't send an email, when do you think I 
>> would have
>> gotten my cert?
>
> There are three of us signing certs. Under normal circumstances, this
> should result in certs being signed about once each day. Sometimes it
> takes longer. I'm sure your cert would have been signed on Wednesday
> morning, which woulda been 48-49 business hours from the request.
>
>>
>> I hope this isn't coming across as negative or pushy, or rude. You 
>> both
>> should know me enough to realize I'm not like that. I'm just 
>> wondering the
>> best way to address this.
>
> Oh, yes, I know you better than that. No problem, Vic.
>
>>
>> Is there a spool of sorts that someone makes an effort to view and 
>> sign
>> certs every other day? It could be a misconstrued view I have, but 
>> I've
>> seen posts where it seems some requests had slipped through the 
>> cracks. Is
>> the best plan to wait? I can write the documentation to say request 
>> cert
>> and wait until it's signed. But what if a week goes by and the user 
>> still
>> has no cert. You know I would write you :) but a first-time user to AG
>> might see this as normal.
>
> You'll never wait a week for a cert. In the great majority of cases, we
> sign certs according to the schedule we've claimed. There are
> occasional slips. Some of the mail you see also results from other
> problems, such as people jumping the gun (I requested my cert this
> morning, where is it?), a cert request that has been denied but the
> person hasn't found the notice in his mail, etc.
>
> The upcoming 2.4 release will include automatic request/retrieval of an
> anonymous cert, so users won't be faced with the burden of waiting two
> days for an identity cert before they can use the software. This should
> simplify things to some extent (and will affect the document you're
> writing). With the 2.3 software, an anonymous cert can be requested
> manually, retrieved immediately, and used in exactly the same manner as
> an identity cert.
>
> If you have any other concerns, let me know.
>
>>
>> Give me two more pence and I'll leave you alone.
>>
>> Thanks again and keep up the tremendous job!
>>
>> --Vic
>>
>> P.S. Tom, you gonna let this guy speak for you or what? :)
>
> Not for me, but for project-related stuff, sure: He's pretty
> knowledgeable :-)
>
>>
>>
>> -----Original Message-----
>> From: owner-ag-tech at mcs.anl.gov [mailto:owner-ag-tech at mcs.anl.gov] On 
>> Behalf
>> Of Ivan R. Judson
>> Sent: Thursday, August 04, 2005 12:29 AM
>> To: 'Victor Babson'; ag-tech at mcs.anl.gov
>> Subject: RE: [AG-TECH] Certificate request
>>
>>
>> Hey Vic,
>>
>> I'd suggest not counting Saturday/Sundays into the 48 hours, since 
>> nobody is
>> paid to work those days :-)
>>
>> just my $0.02.
>>
>> Cheers!
>>
>> --Ivan
>>
>>
>>> -----Original Message-----
>>> From: owner-ag-tech at mcs.anl.gov
>>> [mailto:owner-ag-tech at mcs.anl.gov] On Behalf Of Victor Babson
>>> Sent: Wednesday, August 03, 2005 10:04 PM
>>> To: ag-tech at mcs.anl.gov
>>> Subject: RE: [AG-TECH] Certificate request
>>>
>>> Hey Tom,
>>>
>>> Thanks for the cert and thanks for the reply. I knew of the
>>> loose promise of having a cert within 48 hours.
>>>
>>> I am working on a documentation project and I am doing video
>>> captures for folks who need it. I wanted to request an
>>> identity cert, show how to check the status and then import
>>> it when ready.
>>>
>>> I just started to worry that my request didn't get through
>>> since it had been over 80 hours...
>>>
>>> Your extra information helps me in writing my documentation,
>>> so thanks! But before I include the ag-tech mailing list for
>>> the technically challenged and cert requests start flying in
>>> like crazy, what would you recommend I put for my
>>> users/readers to do in the event a case like this is
>>> repeated? Should I write that they should request another
>>> cert? Should I list ag-tech and instruct them to send an email?
>>>
>>> Again, I know the difference between the anon cert and the
>>> others, but consider 48 hours to be a reasonable turn-around
>>> time. Thanks in advance for your help.
>>>
>>> --Vic
>>>
>>>
>>> -----Original Message-----
>>> From: owner-ag-tech at mcs.anl.gov
>>> [mailto:owner-ag-tech at mcs.anl.gov] On Behalf Of Thomas D. Uram
>>> Sent: Wednesday, August 03, 2005 12:50 AM
>>> To: Victor Babson
>>> Cc: ag-tech at mcs.anl.gov
>>> Subject: Re: [AG-TECH] Certificate request
>>>
>>> Hey Victor:
>>>
>>> I just signed your certificate. If you have any trouble with
>>> it, let us know (ag-info at mcs.anl.gov).
>>>
>>> If the certificate request tool doesn't tell you of a
>>> problem, you should be able to safely assume that the request
>>> succeeded. Because these certificates are signed manually,
>>> we claim a two-day turnaround on them (but usually do better
>>> than that). If you need a cert in a hurry, you could
>>> optionally request an anonymous cert, which is signed
>>> automatically and available immediately.
>>>
>>> Tom
>>>
>>>
>>>
>>>
>>> Victor Babson wrote:
>>>
>>>> I requested a certificate on Saturday (July 30^th ) at 03:19:13 PM
>>>> Eastern time.
>>>>
>>>>
>>>>
>>>> How can I check to make sure this request was received and I'm not
>>>> checking the status in vain?
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --Vic
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
>
>
>
> Thanks
>
> Peter DeSantis
> peter at jumbovision.com.au
> Jumbo Vision International Pty Ltd
> Unit 2 ,1 Aitken Way
> Kewdale WA 6105
> Australia
>
> Tel: 61 8 9353 6200
> Fax: 61 8 9353 6211
>
>
Christoph Willing                        Ph: +61 7 3365 8350
QPSF Access Grid Manager
University of Queensland

More information about the ag-tech mailing list