INFN CA: active since July 1998; manager: Roberto Cecchini; types of certificates released: ...


Upload: joshua-blake

Post on 27-Mar-2015


INFN CA

• active since July 1998
• http://security.fi.infn.it/CA/
• manager:
  – Roberto Cecchini <[email protected]>
• types of certificates released:
  – personal
  – server
  – object signing
• CRLs generated every week
• LDAP support in preparation

Policy

• personal certificates
  – request via web browser (Netscape or IE)
  – phone check by the CA
  – sign, send URL (by e-mail) and download
• server & object signing
  – request (by e-mail) signed by a personal certificate
  – sign and send (by e-mail)

CA coordination

• only one (European?) CA
  – very difficult to verify user identity
• many CAs
  – how to establish mutual trust relationship?
• hierarchical structure
  – a top CA trusted by all
• requirements
  – common policy guidelines
  – common security requirements
  – periodic checks?