Here's an interesting dilemma posed by a software tools provider & Grid service provider in OSG. It's in scope for us at least to the extent that we are providing projects for a rational basis to contemplate automation like this. This is essentially a special case of a "validation service" too, isn't it? (The case where the "service" consists only of automatically updating trust anchors according to some rules at each relying party.) ------- Forwarded Message

From owner-osg-int@OPENSCIENCEGRID.ORG Wed Oct 25 15:26:58 2006 Date: Wed, 25 Oct 2006 17:24:05 -0500 From: Alain Roy <roy@cs.wisc.edu> Subject: Re: CA cert In-reply-to: <453FE301.9050209@phys.ufl.edu> Sender: owner-osg-int@OPENSCIENCEGRID.ORG To: osg-int@OPENSCIENCEGRID.ORG Message-id: <7.0.0.16.2.20061025172253.089f6c88@cs.wisc.edu>

I don't feel comfortable suggesting a way to automate the installation of root-owned files pertaining to security: I don't have a strong enough security background. - -alain At 06:19 PM 10/25/2006 -0400, Bockjoo Kim wrote:

Is it not possible to automate or cronize this ? Bockjoo Alain Roy wrote:

...

At 05:53 PM 10/25/2006 -0400, Bockjoo Kim wrote:

...

Hi, We need to update more CAs. Could someone tell me how to include this CA : 9dd23746.0 and http://www.irisgrid.es/pki/ and/or which configuration file should be updated ?

That CA is in the VDT distribution of the CA certificates. If you haven't updated in a while, you might not have it. Get a recent version of Pacman (not Pacman 3.17) and: cd $VDT_LOCATION pacman -allow save-setups pacman -update CA-Certificates -alain

------- End of Forwarded Message