Updates to GFD.125 and time line to completion
Dear all,

Following the discussion today on the revision of the Grid Certificate Profile (GFD.125), I have uploaded the base of the new document to GridForge under the CAOPS Working Drafts:

  https://forge.ogf.org/sf/go/doc16402

This version is still very much like the original GFD.125, except for the following:

- the preamble now mentions it is a "recommendation"
- all references to RFC3280 have been replaced by 5280
- the ambiguity regarding emailAddress ("obsoleted" vs. "deprecated") for its use in subject names for CAs and EECs has been resolved and is now in line with RFC5280
- emailAddress (or Email, or E) now MUST NOT be used in subject or issuer DNs

What still needs to be done, and for which your input is much appreciated:

- verify consistency with RFC5280 (following the 3280->5280 change)
- remove references to Java version 1.4, and the by-now-dangerous recommendation to have the keylength smaller than 4096 (section 4.3). We should review the status of small key lengths on eTokens, where the maximum might be 4096 bits.

The aim is very much to get the new GFD out quickly as a recommendation (instead of an information document), so the proposed changes have a deliberately limited objective: make sure it is consistent and not wrong. Other experience we may have gathered over the years and which can be folded in quickly (and without much controversy) is also very welcome.

The aim is to have a new document approved by the WG and ready for public comment BEFORE the next OGF35 in Delft. So it must be done by the end of May this year.

Comments on the list are welcome, and GridForge is always available for uploads and comments as well.

Best,
DavidG.

--
David Groep

** Nikhef, Dutch National Institute for Sub-atomic Physics, PDP/Grid group **
** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **