[gridshib-user] The meaningless CA
- To: "GridShib Users" <gridshib-user@xxxxxxxxxx>
- Subject: [gridshib-user] The meaningless CA
- From: "Tom Scavo" <trscavo@xxxxxxxxx>
- Date: Tue, 2 Sep 2008 13:05:53 -0400

The "meaningless CA" is an interoperable, untrusted CA with a
well-known private key:

Auto Issued X.509 Certificate Mechanism (AIXCM)
http://www.ietf.org/internet-drafts/draft-moreau-pkix-aixcm-00.txt

Von has contributed a conforming implementation of the meaningless CA:

http://gridshib.globus.org/downloads/meaningless-ca.tar.gz
http://gridshib.globus.org/downloads/meaningless-ca.zip

The archive includes the meaningless CA certificate and its private
key, as well as an end-entity credential issued by the meaningless CA.
Also included is a signing policy file suitable for inclusion in the
Globus trusted certificates directory. All of the files in the
archive have been committed to CVS:

http://viewcvs.globus.org/viewcvs.cgi/gridshib/saml/tool/java/etc/meaningless-ca/

Certificates issued by the meaningless CA are useful for testing
purposes. They are preferable to self-signed certificates since the
latter are known to be incompatible with existing implementations
(such as Globus) and standards (such as RFC3820).

Tom
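
A check that fits alongside this announcement, as an added example that is not part of the original message or of the GridShib distribution: since the meaningless CA's private key is public, the script lists every certificate in a trusted certificates directory whose public key matches a given published key, so a test CA left in a production trust store can be spotted. The directory layout, file names and throwaway CAs in the demo are constructed, and the `openssl` command-line tool is assumed to be installed.

```bash
#!/bin/sh
# Added example: find CA certificates in a trust directory whose key pair is
# publicly known. All names and paths below are constructed for the demo.

# Print the SHA-256 digest of the public key of a PEM key or certificate.
pubkey_digest() {   # $1 = pkey | x509, $2 = PEM file
    local pub
    case "$1" in
        pkey) pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        x509) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *) return 1 ;;
    esac
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# List certificates in trust directory $2 that belong to private key $1.
find_known_key_cas() {
    local known cert digest
    known=$(pubkey_digest pkey "$1") || return 2
    for cert in "$2"/*; do
        [ -f "$cert" ] || continue
        # Skip non-certificate files such as *.signing_policy.
        grep -q 'BEGIN CERTIFICATE' "$cert" 2>/dev/null || continue
        digest=$(pubkey_digest x509 "$cert") || continue
        if [ "$digest" = "$known" ]; then echo "$cert"; fi
    done
    return 0
}

# Demo on constructed data: two throwaway CAs, one standing in for a CA
# whose private key has been published.
demo_scan() {
    local d name
    d=$(mktemp -d) || return 1
    mkdir "$d/certificates"
    for name in published-key-ca private-key-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$name" \
            -keyout "$d/$name.key" -out "$d/certificates/$name.0" 2>/dev/null || return 1
    done
    echo "constructed placeholder" > "$d/certificates/published-key-ca.signing_policy"
    find_known_key_cas "$d/published-key-ca.key" "$d/certificates" | sed "s|^$d/||"
    rm -rf "$d"
}

demo_scan
```

Matching on the public key rather than the file name or subject catches the CA even if the certificate was renamed or reissued with the same key.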