(I found some discussion in the archives about a year ago, at least before the subject thread forked ...)
We had a generic cert for our room system which expired. As per policy stated by Ivan in the thread circa 11 Sep 2003, this can't be renewed.

- I mailed both the sending address on the wizard reply (r...@fl-caserver.mcs.anl.gov), and the "help" address in the 2.2 wizard (agdev...@mcs.anl.gov) with no reply. Either everyone's on vacation, the forwarding's broken, or they think my comments are best ignored. It's frustrating...

- re. cert policy: For my personal workstation I get a personal cert, and I'm me, so no problem. For our room system, we'd used a generic cert and tell everyone the password. If they can get the physical key to the room (and the electronic key to our secured area where the room is) that's good enough. We tend to run most conferencing (VRVS, H.323, etc.) without an operator and let people that know what they are doing go ahead and do it. Now (well, since a year ago, perhaps just after I got the cert) it seems that we're supposed to have identifiable certs for the system.

- the venue client (2.1, anyway, and I don't think 2.2's much better) doesn't easily switch over between identities. I had to kill the client and hence the media before it would accept a new default cert and restart. So it's not particularly easy to have one operator go off-shift and another come on in the middle of a conference.

- if the cert is stored in a proxy, and the person who it belongs to is no longer around for some reason, it's not really "their" session anymore.

- I don't particularly want to put my name against a conference where there are a lot of different people speaking, and I'm not present - and hence can't control what they say, what material they present or upload to the server, etc. (I don't suppose anyone takes this particularly seriously, but if not, what's the point of using identity certs in the first place?)

If I have to have a personal cert for a room, and can't make up a generic name, then I want some way to differentiate it from a "real" identity cert used for my PiG etc.

I have an idea that the anonymous cert in 2.2 might be supposed to address these issues (?), but not all servers accept them (2.1 for instance)

--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
secur...@triumf.ca