X509 proxy certificates are described by RFC 3820, which has the status of proposed standard. 3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson. June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD) "standard X509 certificates" are described by RFC 3280, which has the same status. 3280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W. Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes RFC2459) (Updated by RFC4325) (Status: PROPOSED STANDARD) So I don't agree that proxies aren't standard. However, I do agree that X509 isn't a good label for a security context based on Globus certificates. There are other X509-based security models, e.g. the one employed by UNICORE. Stephen PS Do I have to resort to CVS to get the current draft of the strawman?
-----Original Message----- From: owner-saga-rg@ggf.org [mailto:owner-saga-rg@ggf.org] On Behalf Of G.E.POUND@soton.ac.uk Sent: 05 May 2006 16:09 To: Andre Merzky Cc: SAGA RG Subject: [saga-rg] Context inaccuracy
Andre,
There is an inaccuracy in the contexts described by the strawman. The context type 'X509' describes proxy certificates. These are not standard X509 certificates, therefore this type should be renamed GSI.
Graeme