YES!
- As Weizhong mentions, there are additional validation steps in the event that GSI detects the presence of a proxy-extension within a certficate during handshake. But nothing that affects wire protocol.
And exactly because of this fact we have to indicate which services have to take these validation steps and which not. Q: The question is thus how you indicate within the PGI profiles that you support proxies or only full certificates (w/o additional validation steps). We getting closer... Take care, Morris -------------------------------------------------------------------------------- Morris Riedel SW - Engineer Distributed Systems and Grid Computing Division Central Institute of Applied Mathematics Research Centre Juelich Wilhelm-Johnen-Str. 1 D - 52425 Juelich Germany Email: m.riedel@fz-juelich.de Info: http://www.fz-juelich.de/zam/ZAMPeople/riedel Phone: +49 2461 61 - 3651 Fax: +49 2461 61 - 6656 Skype: MorrisRiedel 'We work to improve ourselves and the rest of mankind.' Content-Type: multipart/alternative; boundary=00163646c4b66c64ef04658ce960 --00163646c4b66c64ef04658ce960 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
I think Weizhong means implmentation of GSIAPI like one from Globus which does have own communication protocol incompatible with TLS.
I don't believe there are any protocol changes between the secure-communication in GSI-API (GSI-OpenSSL) and TLS. As Weizhong mentions, there are additional validation steps in the event that GSI detects the presence of a proxy-extension within a certficate during handshake. But nothing that affects wire protocol. -Duane --00163646c4b66c64ef04658ce960 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable <div class=3D"gmail_quote"> <blockquote class=3D"gmail_quote" style=3D"PADDING-LEFT: 1ex; MARGIN: 0px 0= px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"> <div class=3D"im">=A0</div>I think Weizhong means implmentation of GSIAPI l= ike one from Globus which does have<br>own communication protocol incompati= ble with TLS.<br><font color=3D"#888888"></font></blockquote> <div>=A0</div> <div>=A0</div> <div>=A0</div> <div>I don't believe there are any protocol changes between the secure-= communication in GSI-API (GSI-OpenSSL) and TLS.=A0 </div> <div>=A0</div> <div>As Weizhong mentions, there are additional validation steps in the eve= nt that GSI detects the presence of a proxy-extension within a certficate d= uring handshake.=A0 But nothing that affects wire protocol.</div> <div>=A0</div> <div>-Duane</div></div> --00163646c4b66c64ef04658ce960-- ------------------------------------------------------------------- ------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender), Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr. Harald Bolt, Dr. Sebastian M. Schmidt ------------------------------------------------------------------- ------------------------------------------------------------------- _______________________________________________ Pgi-wg mailing list Pgi-wg@ogf.org http://www.ogf.org/mailman/listinfo/pgi-wg