PKGrid CA Self-Audit 2012 Adeel-ur-Rehman Mansoor Sheikh.

Presentation transcript:

PKGrid CA Self-Audit 2012 Adeel-ur-Rehman Mansoor Sheikh

2 Brief History
PK-Grid CA was first presented and accredited during the 2nd EuGridPMA meeting (held in September 2004) at Brussels
Minor updates until 2012
– Infrastructure updates: machine specs, kernel version, openssl updates
– More secure premises
Progressively restrictive access privileges among multiple physical tiers

3 Audit Results
Audit guidelines used: GFD.125 (dated: March 31, 2008)
In policy:
– B: 3
– C: 1
– D: 3
– X: 4

4 “B”: 1/3
Is a CRL issued at least 7 days before expiration (for off-line) or 3 days before expiration (for on-line)? (CA item 29)
– We missed it a couple of times.
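A check for the CRL lead time in CA item 29, added here as an example and not part of the PK-Grid CA presentation or tooling. It reads the `nextUpdate=` line printed by `openssl crl -noout -nextupdate` and reports whether the replacement CRL is already due; the function names and the sample line are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone

# Lead times from the audit item above (CA item 29): a new CRL must be
# issued this long before the published one reaches nextUpdate.
REISSUE_LEAD = {"offline": timedelta(days=7), "online": timedelta(days=3)}

# Constructed sample of `openssl crl -noout -nextupdate` output (not real data).
SAMPLE = "nextUpdate=Jul  5 10:00:00 2012 GMT"


def parse_next_update(line):
    """Parse the 'nextUpdate=...' line into an aware UTC datetime."""
    key, _, value = line.strip().partition("=")
    if key != "nextUpdate" or not value.endswith(" GMT"):
        raise ValueError(f"unexpected openssl output: {line!r}")
    # OpenSSL pads single-digit days with a space; strptime accepts that.
    stamp = datetime.strptime(value[:-4], "%b %d %H:%M:%S %Y")
    return stamp.replace(tzinfo=timezone.utc)


def crl_status(line, now, mode="offline"):
    """Return (status, reissue_deadline) for the currently published CRL.

    OK      - the replacement CRL is not due yet
    OVERDUE - inside the lead window: the replacement should already be out
    EXPIRED - nextUpdate has passed; relying parties may reject the CRL
    """
    next_update = parse_next_update(line)
    deadline = next_update - REISSUE_LEAD[mode]
    if now >= next_update:
        return "EXPIRED", deadline
    if now >= deadline:
        return "OVERDUE", deadline
    return "OK", deadline


if __name__ == "__main__":
    for day in (20, 29):
        now = datetime(2012, 6, day, 12, 0, tzinfo=timezone.utc)
        status, deadline = crl_status(SAMPLE, now)
        print(now.date(), status, "reissue by", deadline.isoformat())
```

Run daily against the published CRL, an OVERDUE result flags a missed issuance while the old CRL is still valid.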

5 “B”: 2/3
The repository must be run at least on a best-effort basis, with an intended availability of 24x7. (CA item 49)
– We had a few unannounced downtimes.

6 “B”: 3/3
Over the entire lifetime of the CA it must not be linked to any other entity. How does the CA guarantee this requirement? (RA item 8)
– This guarantee is not explicitly mentioned in the CP/CPS.

7 “C”: 1/1
Every CA should perform operational audits of the CA/RA staff at least once per year. (CA item 47)
– This has not been practiced regularly.

8 “D”: 1/3
Does the CA or RA have documented evidence on retaining the same identity over time? (RA item 6)
– We need to have documented evidence on retaining the same identity over time.

9 “D”: 2/3
Does the RA record and archive all requests and confirmations? (RA item 11)
– The archival for requests and confirmations is currently done by the CA, as we have a small user community.

10 “D”: 3/3
Does the RA maintain the archive of these records in an auditable form? (RA item 12)
– An RA does not maintain such records in auditable form.
– The archival for requests and confirmations is currently done by the CA, as we have a small user community.

11 “X”: 1/4
Is the CA system completely off-line or on-line which uses FIPS level 3 capable HSM operated in FIPS level 3 mode? (CA item 9)
– CA machine is completely offline.
– Therefore, we do not have an HSM.

12 “X”: 2/4
Does the on-line CA provide a log of issued certificates and a signed revocation list? Is the log tamper-protected? (CA item 16)
– CA server is not an online machine.

13 “X”: 3/4
Are new EE certificates signed by new cryptographic data? (CA item 18)
– Yes, new certificates are signed by new cryptographic data.
Is the old but still valid certificate available if there are still valid certificates signed by the old private key? (CA item 18)
– NO, as the transition period is not due yet!
– Also, old certificates and the old key are not valid any more.

14 “X”: 4/4
How is the re-new process described? (CA item 41)
– We do not have a renewal policy for certificates, as PK-GRID CA does not renew certificates; rather, it only rekeys…

15 Questions/Suggestions are welcome!