On Jul 23, 2008, at 8:37 AM, Alan Sill wrote:
These observations are correct. For any extended (i.e., non-test)
grid with any intention to operate in a CA an accredited manner,
however, the use of SimpleCA would not be recommended in any case.
Personally, I wish the Globus team would de-emphasize its inclusion
of SimpleCA and decouple it from the Globus documentation.
If you can recommend an alternative that would get new users up and
running in a demo environment, I would love to hear about it. The
problem, to me, looks like a trade-off between users being turned off
because they cannot get the software up and running to play with it
and the problems users face when deciding to stop using simpleCA and
use a real CA. I would much rather get people up and running as
quickly as possible than have them decide not to try it at all because
they do not know how to pick a CA to use or similar problems.
If you look outside of the quickstart, I don't think we mention
SimpleCA very much at all.
Charles
Alan
On Jul 22, 2008, at 3:53 PM, Joel Schneider wrote:
The following documents contain additional information relevant to
this
topic:
http://www.ogf.org/documents/GFD.125.pdf
http://www.eurogrid.org/ca/eurogrid-ca-policy.pdf
The EUROGRID document describes steps taken in November 2002 to
discontinue usage of the "nsCertType" extension, and the OGF document
specifies a policy that hash algorithms with known weaknesses, such
as
MD5, must not be used in new certificates.
Alan Sill, Ph.D
TIGRE Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics
TTU
====================================================================
: Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
: e-mail: [EMAIL PROTECTED] ph. 806-742-4350 fax 806-742-4358 :
====================================================================
