Revised Grid Certificate Profile (GFD.125bis) version 0.7 uploaded
Dear all,

Following the discussions at OGF38a and addressing the public comments, a new version (0.7) of the Grid Certificate Profile is now at:

http://redmine.ogf.org/dmsf_files/25

It contains the following material changes:

- attribute names have been normalised and changed to match RFC5280
- explanatory text clarified in several places by re-ordering sentences
- SHA-2 description for CAs and EECs harmonised
- table headings added for DNs and attributes, and clarified normative language columns
- expanded the list of eKU values, instead of referring to non-existent section 5
- fixed one 'rfc822emailAddress' misnomer to read "rfc822Name"

Also, when implementing these changes I found one inconsistency:

- subject RDN description in section 3.3.1 mentioned only PrintableString and UTF-8 string, but in section 3.3.4 and 3.3.6 it specifically added IA5String and advised its use. Added IA5String as permissible to 3.3.1 and 3.3.3 as well, in particular to encode the "@" sign in commonName attributes. The 7-bit printable ASCII subset of UTF-8 is given as permissible.

The changes are highlighted in the PDF at

http://redmine.ogf.org/dmsf_files/13083

Depending on Jens or Greg, this now may need to go back to public comment after the WG has reviewed the changes (the updates are minor but not insignificant).

Best,
DavidG.

--
David Groep

** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group **
** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

Splendid, thanks, David.

So most of the changes were addressing the public comments, and addressing the public comments - given that the public comments are, er, public, should not need to go to public comments, IMHO. However, given the number of other changes, I'd feel happier if it went back to public comments.

In particular, I don't think using IA5 for the commonName is right. I know the CN can (or could) be encoded as printableString, T61 and BMP and UTF-8, but I must have missed the RFC that permits using IA5 for the CN. RFC4514 section 3 says UTF-8.

So perhaps another period of comments may be productive.

Cheers
--jens

participants (2): David Groep, Jens Jensen
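
An added example, not part of the thread or of GFD.125bis: a small DER walker that reports which ASN.1 string type each subject attribute uses, flags a commonName whose type falls outside the RFC 5280 DirectoryString choice, and flags PrintableString values holding characters such as "@" that the type cannot carry. The helper names and the sample names built by `sample_name` are constructed for illustration.

```python
import string

# ASN.1 universal tags of the string types discussed in the thread.
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x14: "TeletexString",
               0x16: "IA5String", 0x1C: "UniversalString", 0x1E: "BMPString"}
# RFC 5280 DirectoryString CHOICE, the type commonName uses in that RFC.
DIRECTORY_STRING = set(STRING_TAGS.values()) - {"IA5String"}
PRINTABLE = set(string.ascii_letters + string.digits + " '()+,-./:=?")
OID_CN = bytes.fromhex("550403")  # 2.5.4.3 commonName

def read_tlv(buf, pos):
    # Return (tag, value, next_pos) for the DER element starting at pos.
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        yield tag, value

def audit_name(der):
    # List (oid_hex, string_type, notes) for each attribute of a DER Name.
    tag, rdn_sequence, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    findings = []
    for _, rdn in children(rdn_sequence):      # each RDN is a SET
        for _, atv in children(rdn):           # of AttributeTypeAndValue
            (_, oid), (vtag, value) = children(atv)
            kind = STRING_TAGS.get(vtag, "tag 0x%02x" % vtag)
            notes = []
            if oid == OID_CN and kind not in DIRECTORY_STRING:
                notes.append("commonName type outside RFC 5280 DirectoryString")
            if kind == "PrintableString" and not set(value.decode("latin-1")) <= PRINTABLE:
                notes.append("character outside PrintableString set")
            findings.append((oid.hex(), kind, notes))
    return findings

def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, enough for samples

def sample_name(cn_tag, cn):  # constructed single-RDN Name, not from the page
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, OID_CN) + tlv(cn_tag, cn))))
```

Calling `audit_name(sample_name(0x16, b"user@example.org"))` shows the IA5String case from the thread; swapping the tag for `0x0C` or `0x13` shows the UTF8String and PrintableString encodings of the same value.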