This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/go/projects.ggf-editor/discussion.cp_grid_certificate_profile.topc4126 at Sun, 06 Nov 2022 09:02:43 GMT SourceForge : Post

Project Home

Tracker

Documents

Tasks

Source Code

Discussions

File Releases

Wiki

Project Admin
Project: Editor     Discussion > CP:Grid Certificate Profile >  A few minor issues > List of Posts
Forum Topic - A few minor issues: (1 Item)
View:  as 
 
 
A few minor issues
Overall I think this is a good document.  I have a few minor issues the authors may wish to consider

Section 2.2
While I understand that most of the deployed infrastructure still doesn’t support the SHA-2 family of hash functions, I
 am concerned about recommending only SHA-1 be used. This situation is likely to change very rapidly. You might add 
language to the effect that if the CA knows the targeted grid environment supports the SHA-2 family then its use if 
preferred.

Section 3.3.2
I would prefer this document recommend that  keyUsage = nonRepudiation NOT be used in any certificates. It has been 
debated endlessly and there is little consensus on how it should be interpreted.

Section 4.2
ECC-based signatures are starting to be used for x.509 certificates (driven by the US Govt Suit B algorithm requirements
 – see http://www.nsa.gov/ia/industry/crypto_suite_b.cfm).  This specification should acknowledge this transition, 
similar to the discussion of SHA-1 versus SHA-2 hash algorithms. 

 
 


The Open Grid Forum Contact Webmaster | Report a problem | GridForge Help
This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/go/projects.ggf-editor/discussion.cp_grid_certificate_profile.topc4126 at Sun, 06 Nov 2022 09:02:43 GMT