Hi, Quoting [Stephen M Pickles] (May 07 2006):
X509 proxy certificates are described by RFC 3820, which has the status of proposed standard.
3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson. June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD)
"standard X509 certificates" are described by RFC 3280, which has the same status.
3280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W. Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes RFC2459) (Updated by RFC4325) (Status: PROPOSED STANDARD)
So I don't agree that proxies aren't standard.
However, I do agree that X509 isn't a good label for a security context based on Globus certificates. There are other X509-based security models, e.g. the one employed by UNICORE.
I also think that GSI (or even GlobusCert) is a more appropriate name - even if X509 was less general in definition and usage.
Stephen
PS Do I have to resort to CVS to get the current draft of the strawman?
The other way is to ask nicely on this list :-D I attach the current version. It is in editing, and parts are currently in tex, others in plain text. Sorry for that. In general though: yes, CVS is the preferred method. Cheers, Andre.
-----Original Message----- From: owner-saga-rg@ggf.org [mailto:owner-saga-rg@ggf.org] On Behalf Of G.E.POUND@soton.ac.uk Sent: 05 May 2006 16:09 To: Andre Merzky Cc: SAGA RG Subject: [saga-rg] Context inaccuracy
Andre,
There is an inaccuracy in the contexts described by the strawman. The context type 'X509' describes proxy certificates. These are not standard X509 certificates, therefore this type should be renamed GSI.
Graeme
-- "So much time, so little to do..." -- Garfield