This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/sfmain/do/go/artf5963?nav=1&selectedTab=comments at Sun, 06 Nov 2022 08:45:17 GMT SourceForge : artf5963: Grid Certificate Profile

Project Home

Tracker

Documents

Tasks

Source Code

Discussions

File Releases

Wiki

Project Admin
Search Tracker
Project: Editor     Trackers > Published > View Artifact
Artifact artf5963 : Grid Certificate Profile
Tracker: Published
Title: Grid Certificate Profile
Description:
This document describes the possibilities and limitations for attributes and extensions in X.509 certificates that are 
usable by grid infrastructures and defines the requirements for both CA and end-entity certificates.
Submitted By: Christos Kanellopoulos
Submitted On: 07/30/2007 9:34 PM EDT
Last Modified: 04/29/2008 11:02 AM EDT

Status / Comments Change Log Associations Attachments (4)  
Status  
Group: * APME
Status:* Closed
Category: * Community Practice
Customer: *
Priority: * 1
Assigned To: * Joel Replogle
Reported in Release: *
Fixed in Release: *
Estimated Hours: * 0
Actual Hours: * 0
resolution: * Accepted
Comments
Greg Newby: 04/29/2008 11:02 AM EDT
  Action: Move
Moved from Submit OGF Draft to Published
Group changed from Grid Operations to APME
resolution set to Accepted
Status changed from Ready to Publish to Closed
Joel Replogle: 04/01/2008 12:15 AM EDT
  Comment:
published as GFD.125 on 2008-03-31
  Action: Update
Greg Newby: 03/30/2008 4:31 PM EDT
  Comment:
Thanks.  This has already been through GFSG final review, and so will now be published.

GFD-C.125
  Action: Update
Assigned To changed from Greg Newby to Joel Replogle
Priority changed from 2 to 1
Status changed from Author Action Needed to Ready to Publish
David Groep: 03/30/2008 2:15 PM EDT
  Action: Update
Assigned To changed from Thilo Kielmann to Greg Newby
David Groep: 03/27/2008 6:21 PM EDT
  Comment:
Hi Greg, Thilo,

We have processed your comments and incorporated them in a new version (CAOPS internal revision 0.27, dated March 27), attached here. 
Since the differences correspond directly to the comments made here, no further change log is attached. 

  Thanks,
  DavidG.
  Attachment: draft-ogf-caops-grid-certificate-profile-v27.doc (278 KB)
  Action: Update
Added an attachment.
Greg Newby: 03/27/2008 4:17 AM EDT
  Comment:
Authors/editors:

The Science council solicited some input on this document, and received the feedback below.  Would you please consider the feedback, and if needed 
produce changes to the document?  I believe that since the changes are fairly minor (though there are many), this will not need further review.

Once you are satisfied, email me and/or set the tracker back to me, and we'll put this into mailing list "final call" with the GFSG, prior to 
publication.  Please let me know if you have questions or suggestions.

The feedback:

> - "SHA-1" is occasionally written as "SHA1" (e.g., footnote 2).
> - References to concrete implementations (e.g., to mention
>   defects) should typically be in footnotes.  Sometimes this is
>   not the case, e.g.:
>   - "Mozilla-NSS based browers" in section 2
>   - "Some grid middleware, in particular any version of the Globus Toolkit"
>     in section 3
>   - "In any software based on the OpenSSL code.." in section 3
> - The tables summarizing the certificate component recommendations
>   in sections 2 and 3 all have an entry of "Harmless", which compared
>   to the terms "Required", "Advised to use" and "Not to be used" sounds
>   a bit vague. Maybe "Optional" is a better term?
> - footnote 4 should really be in the text, as it mentions a SHOULD?
> - footnote 5: "There is [a] another reason"
> - footnote 9: also important enough to be put (maybe partially)
>   in main text?
> - Note: neither my MS Word at home nor OpenOffice at work gave
>   section numbering that seemed to make sense.  E.g., several footnotes
>   referring to explicit section numbers (e.g., 30, 33, 34), pointed
>   to non-existing ones.
>   Maybe PDF is advisable distribution format for public comments?
> - section 2.1.9 (but probably a different section, see previous point)
>   also mentions nsPolicyURL, nsRevocationURL which are not in the table
>   at the head of the section, unlike the other ones.
> - footnote 10: "openssl" -> "OpenSSL".
>   The whole footnote sounds a bit vague with phrases like "probably
>   not tested", "can't really be tested", which makes its point less
>   obvious.  Maybe it can be reformulated/shortened.
> - footnote 11: "Explorer [version] up to and including [version] 6"
> - footnote 14: The reference to it mentions "http URI", the footnote
>   itself says "The URL should..", and later on again "URI".
> - start of section 3: "SHA1 is currently the only recommended [value]".
>   Before that, it talks about apropriate hash functions, not "values".
> - Abreviation "RDN" is used a few times in section 3 a few times
>   before the full term is mentioned.
> - footnote 19 refers to use of slashes and equal signs, not quotes
>   (from which it is referred to in the text).
>   Also, the last subsentence "and the equal sign.." should be moved
>   before "a proper parser.." I think.
> - the table in section 3 mentions "userID, uniqueIdentifier",
>   the text later on:  "userID or uid"
> - section on "commonName":  "must not" is that a "MUST NOT"?
> - next subsection "[withon] the characters 0-9.."
> - footnote 27 "OpenSSL [versions] 0.9.7c or older [version] [encodes]"
> - footnote 28: "Note the UK is an (in)famous exception..", then
>   mentions both "GB" and "UK", but does not explicitly say that
>   either is equally acceptable
> - In section "Extension in end-entity certificates":
>   "For use of an end-entity [certificate certificate]"
> - First it is RECOMMENDED that the extension keyUsage is included,
>   but then in the table it is "Required" and a subsection later
>   also mentions "MUST".
> - The text mentions "subjectAltName extension", the table
>   "subjectAlternativeName*"
> - In the subsection "keyUsage", missing words:
>   "The dataEncipherment value [is] RECOMMENDED [to] be set.."
> - In subsection "extendedKeyUsage":
>   "clienthAuth [should be] asserted": -> "[SHOULD BE"]?
> - subsection "Application interplay.."
>   There is some overlap in the section and corresponding footnote
>   41 contents (e.g., "MUST" in section, same but "must" in footnote).
>   The section contents specifically devoted to on OpenSSL
>   implementation details should really be in the footnote I guess.
>   The footnote also has phrases like "seem less picky" and "will survive"
>   which seem a bit too colloquial for this type of document
> - subsection "authorityKeyIdentifier":
>   "of [isser] certificates" -> "..[issuer].."
> - footnote 47: "As of Aug 11, 2006: ..apply only to VOMS and VOMS-Admin"
>   Only for specific version up to a certain date, or does it hold
>   for VOMS in general?
> - Section 4:
>   "The [current] most secure hash" -> "..[currently].."
>   "[As] the time of writing" -> "[At].."
> - Section 5: The introduction to that section (e.g.,
>   "The meaning of several common attributes [..] is not always clear",
>   "..that are a common source of confusion") does not clearly relate
>   to the few simple examples that then follow.
  Action: Update
Assigned To changed from David De Roure to Thilo Kielmann
Status changed from GFSG Review: 15-day final to Author Action Needed
Greg Newby: 02/12/2008 11:02 AM EST
  Comment:
This document was discussed during the February 12 standards telecon.  The GFSG needs to hear from the eScience council in order to move the document 
to publication.  I'm following up via email, and will schedule discussion for the February 24 GFSG face to face.
  Action: Update
Greg Newby: 01/26/2008 12:14 AM EST
  Comment:
This is now in GFSG final review, scheduled for dicussion at the February 12 telecon or as soon thereafter as is available.
  Action: Update
Status changed from Author Action Needed to GFSG Review: 15-day final
Christos Kanellopoulos: 01/22/2008 7:25 AM EST
  Comment:
Hi Greg, David,

Last week we were informed of a typo and an inconsistency that affected at least on CA that were not noticed during the public comment period. Taking 
in mind that the document has been stuck with the status "Author Action Needed", we went on and produced a new version incorporating the two changes. 


Please can you see that the document moves to next phase? As far as the group is concerned, the document is finished

Thanks,
-Christos
  Attachment: draft-ogf-caops-grid-certificate-profile-v26.doc (274.5 KB)
  Action: Update
Added an attachment.
Christos Kanellopoulos: 12/11/2007 3:34 PM EST
  Comment:
Thanks Greg, I thought I had attached in my last comment and didn't check.
  Attachment: draft-ogf-caops-grid-certificate-profile-v25.doc (192.5 KB)
  Action: Update
Added an attachment.
Greg Newby: 12/11/2007 2:04 PM EST
  Comment:
I sent email to Christos asking him to upload the new document.
  Action: Update
Christos Kanellopoulos: 12/11/2007 8:06 AM EST
  Comment:
All comments have been addressed and a new version has been produced by the authors.  Please move the document to the next phase
  Action: Update
Greg Newby: 10/12/2007 8:20 PM EDT
  Comment:
Authors/editors:

Public comment is complete.  Please review public comments here, and respond as appropriate:
  https://forge.gridforum.org/sf/discussion/do/listTopics/projects.ggf-editor/discussion.cp_grid_certificate_profile

Respond in that tracker or this one, and/or by updating your document.  When ready, update this tracker or send email, and the document will be moved 
to the next phase.
  Action: Update
Assigned To changed from Joel Replogle to David De Roure
Priority changed from 3 to 2
Status changed from Public Comment Period to Author Action Needed
Greg Newby: 08/06/2007 9:49 AM EDT
  Comment:
This document has been reviewed, and is now advanced to 60-day public comment.
  Action: Update
Assigned To changed from Greg Newby to Joel Replogle
Priority changed from 4 to 3
Status changed from Editor Review: Initial to Public Comment Period
Joel Replogle: 07/30/2007 9:50 PM EDT
  Comment:
Initial submission, should have status "Editor Review: Initial".
  Action: Update
Status changed from Editor Review: Final to Editor Review: Initial
Christos Kanellopoulos: 07/30/2007 9:34 PM EDT
  Attachment: draft-ogf-caops-grid-certificate-profile-v22.doc (194 KB)
  Action: Create
Added an attachment.


 
 
 
< Previous
 
 
Next >
 


The Open Grid Forum Contact Webmaster | Report a problem | GridForge Help
This is a static archive of the previous Open Grid Forum GridForge content management system saved from host forge.ogf.org file /sf/sfmain/do/go/artf5963?nav=1&selectedTab=comments at Sun, 06 Nov 2022 08:45:17 GMT