infn ca1 active since july 1998 manager: –roberto cecchini types of certificates released:...
TRANSCRIPT
![Page 1: INFN CA1 active since July 1998 manager: –Roberto Cecchini types of certificates released: –personal –server –object signing](https://reader036.vdocuments.site/reader036/viewer/2022082512/551548ed55034673228b615d/html5/thumbnails/1.jpg)
INFN CA 1
INFN CA
• active since July 1998• http://security.fi.infn.it/CA/• manager:
– Roberto Cecchini <[email protected]>
• types of certificates released:– personal– server– object signing
• CRLs generated every week• LDAP support in preparation
![Page 2: INFN CA1 active since July 1998 manager: –Roberto Cecchini types of certificates released: –personal –server –object signing](https://reader036.vdocuments.site/reader036/viewer/2022082512/551548ed55034673228b615d/html5/thumbnails/2.jpg)
INFN CA 2
Policy
• personal certificates– request via web browser (Netscape or IE)– phone check by the CA– sign, send url (by e-mail) and download
• server & object signing– request (by e-mail) signed by a personal certificate– sign and send (by e-mail)
![Page 3: INFN CA1 active since July 1998 manager: –Roberto Cecchini types of certificates released: –personal –server –object signing](https://reader036.vdocuments.site/reader036/viewer/2022082512/551548ed55034673228b615d/html5/thumbnails/3.jpg)
INFN CA 3
CA coordination
• only one (European?) CA– very difficult to verify user identity
• many CAs– how to establish mutual trust relationship?
• hierarchical structure– a top CA trusted by all
• requirements– common policy guidelines– common security requirements– periodic checks?