[AG-TECH] Per-node certificates
Ivan R. Judson
judson at mcs.anl.gov
Fri Feb 4 19:47:31 CST 2005
You could enable that rule by disallowing certs from the anonymous CA, if
that were an explosed functionality. (I'd expect to see it in future
releases ;-)
--Ivan
> -----Original Message-----
> From: owner-ag-tech at mcs.anl.gov
> [mailto:owner-ag-tech at mcs.anl.gov] On Behalf Of Christoph Willing
> Sent: Friday, February 04, 2005 7:19 PM
> To: Steve Gallo
> Cc: Steve Smith; ag-tech
> Subject: Re: [AG-TECH] Per-node certificates
>
> >
> >> -----Original Message-----
> >> From: owner-ag-tech at mcs.anl.gov
> [mailto:owner-ag-tech at mcs.anl.gov]On
> >> Behalf Of Steve Smith
> >> Sent: Tuesday, February 01, 2005 9:51 PM
> >> To: ag-tech
> >> Subject: [AG-TECH] Per-node certificates
> >>
> >>
> >> Hi,
> >>
> >> Is there any plan to re-institute per-node AG2
> certificates, and if
> >> not what's the current accepted practise for multi-user,
> >> multi-machine node setups?
> >>
> >> Cheers,
> >> Steve
> >>
>
> On 05/02/2005, at 4:42 AM, Steve Gallo wrote:
>
> >
> > I believe that you can use an anonymous certificate,
> although I think
> > that there are some restrictions on what you can/can't do with them.
> >
>
> That is a good use for Anonymous certificates. Their potential
> shortcoming is if/when ACL's are used for secure meetings
> (very rarely
> done so far). If I were setting up a secure meeting room, my first
> general "deny" rule would be aimed at any Anonymous certificate. Mind
> you, I'm not sure that thats possible with the current ACL's, but an
> ideal system should "allow" or "deny" classes of certificate such as
> Anonymous.
>
> chris
>
>
> Christoph Willing Ph: +61 7 3365 8350
> QPSF Access Grid Manager
> University of Queensland
>
>
More information about the ag-tech
mailing list