Hi,

On 27.10.10 13:20, Reimer Karlsen-Masur, DFN-CERT wrote:
> cool, many thanks, I will check the PDF later this week.
>
> Question to David O'Callaghan: Do you have any additional immediate obvious bug fix requests regarding GFD.169 that you wish to resolve now? Or are your issues more with the audit spreadsheet available from the eugridpma website?

The only one that springs to mind is:

Section 3.2.1 (5) An RA must validate the association of the certificate signing request.

I don't understand the requirement (as someone familiar with PKI and as a native English speaker!), and the audit guidelines document does not explain, but just repeats it as a question "How does an RA validate the association of the certificate signing request?"

I think the audit point should clarify the meaning of "the association":

* Does it mean the association between subscriber's identity and the CSR?
* Does it mean the association between the identity vetting performed by the RA and the CSR?
* Does it mean the association between the private key and the public key in the CSR?
* (or, less likely) Does it mean the subscriber's organization?

This requirement comes from section 3.1 of the Classic AP v4.3, so perhaps my comment should be directed at that document.

Beyond that, I would need to spend some time to look at the updated document and my notes from preparing for my EU Grid PMA Self Audit.

Kind regards,
David

--
Ánra Taighde - Scoil na hEolaíochta Ríomhaireachta ⁊ na Staitisticí, Coláiste na Tríonóide, Baile Átha Cliath 2
Research Fellow - School of Computer Science & Statistics, Trinity College, Dublin 2
Guthán / Telephone: +353 1 896 1720