[caops-wg] Proxy Certificates discussion
jluna at ac.upc.edu
Fri Oct 28 05:31:32 CDT 2005
We have been reading the presentations made by some of you in the last
GGF sessions and we would like to comment about OCSP and Proxy
Certificates, due in part to the experience that we have achieved with
our Open Grid Ocsp -OGRO- API and on the other hand with the spirit to
finish as soon as possible the "OCSP requirements for Grids" document.
Next you'll receive three follow-ups to this email related with the
Proxy Certificate's topic:
-First we will present our point of view about the proposal of encoding
AIA in first-level Proxy Cert, as mentioned in the presentation
"OCSP-GGF15.ppt" available on the CAOPS-WG' Web page.
-In second place we would like to comment about the "Which OCSP
Responder to Trust?" topic, also mentioned in the PPT.
-Finally we would like to briefly present the results of some tests done
in the last weeks with OGRO and its Grid Validation Policy. We have not
only tested several policy configurations (i.e. signing the Requests,
using nonces and sending OCSP over HTTPS), but also implemented a
mechanism to further improve OCSP validation perfomance in Grids, called
"OCSP Pre-validation" which is being beta-tested in our installations
prior to be published in OGRO's Web page.
In any case, based in your comments we may be able to commit asap to the
list the draft text for the document's Proxy Validation section.
Best regards form Barcelona,
Oscar & Jesus
More information about the caops-wg