HKU Grid Certificate Authority (HKU Grid CA) CP/CPS Reviewer’s Comments Bill Yau (billyau_hpc@hku.hk)

Slides:

Advertisements

Similar presentations

RP Designs Semi-Custom e-Commerce Package. Overview RP Designs semi- custom e-commerce package is a complete website solution. Visitors can browse a catalog.

Advertisements

Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Yuan, Tein Horng Academia Sinica Computing Centre 13 June 2003.

Common Errors to avoid in IRB- 03 (VA) Applications.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

ETravel Authorization / Reimbursement Overview SOLAR Financials x 6685 July 8, 2014.

1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.

Election Assistance Commission United States VVSG Technical Guidelines Development Committee (TGDC) NIST July 20, 2015 Gaithersburg,

DWINSA 2007 Website. Website Purpose Allow states to track status of questionnaires Allow systems >100K or states to upload project data.

NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.

New Registration This document takes you through the process of new registrations for the University’s online systems. A new registration is defined as.

Updates of APGrid PMA 22 June, Members (15 + 1) 15 Accredited CAs AIST (JP) APAC (AU) ASGC (TW) CNIC (CN), SDG IGCA (IN) IHEP (CN) KEK (JP) KISTI.

National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.

March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.

NECTEC-GOC CA Self Audit 7 th APGrid PMA Face-to-Face meeting March 8 th, 2010 Large-Scale Simulation Research Laboratory Sornthep Vannarat Large-Scale.

Title V Operating Permit Program 1 Section 1: Intro to Title V Laura McKelvey U.S. EPA.

Drinking Water Infrastructure Needs Survey and Assessment 2007 Website.

IHEP Grid CA Status Report Gongxing Sun F2F Meeting 20 Apr Computing Centre, IHEP,CAS,China.

IHEP Grid CA Status Report Wei F2F Meeting 8 Mar Computing Centre, IHEP,CAS,China.

UNAMgrid Alejandro Núñez Sandoval Rio de Janeiro, Brazil, 03/27/06 F2F meeting, TAGPMA.

Sam Morrison APAC CA – APGridPMA - ISGC2010 APAC CA Self Audit and status update Sam Morrison ARCS.

Academia Sinica Grid Computing Certification Authority (ASGCCA)

Academia Sinica Grid Computing Certification Authority (ASGCCA) Academia Sinica Computing Centre.

IST E-infrastructure shared between Europe and Latin America ULAGrid Certification Authority Vanessa Hamar Universidad de Los.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Academia Sinica Computing Centre.

Slide title In CAPITALS 50 pt Slide subtitle 32 pt SEND Certificate Profile draft-krishnan-cgaext-send-cert-eku-01 Suresh Krishnan Ana Kukec Khaja Ahmed.

NECTEC-GOC CA The 3 rd APGrid PMA face-to-face meeting. June, Suriya U-ruekolan National Electronics and Computer Technology Center, Thailand.

0 NAREGI CA Status Report APGrid F2F meeting in Singapore June 4, 2007 Rumiko Masuko.

RPKI Certificate Policy Status Update Stephen Kent.

Retail Market Subcommittee Update to TAC May 6, 2004.

TR-GRID CA Self-Auditing Results and Status Update EUGridPMA Meeting September 12-14, 2011 Marrakesh Feyza Eryol, Onur Temizsoylu TUBITAK-ULAKBIM

HKU Computer Centre Grid Certificate Authority Status Update Lilian Chan IT Services, The University of Hong Kong APGrid.

18 th EUGridPMA, Dublin / SRCE CA Self Audit SRCE CA Self Audit Emir Imamagić SRCE Croatia.

Academia Sinica Grid Computing Certification Authority F2F interview (Malaysia )

HellasGrid CA self Audit. In general We do operations well Our policy documents need work (mostly to make the text clearer in a few sections) 2.

Armenian e-Science Foundation Certification Authority Ara A. Grigoryan 1,2, Artem Harutyunyan 1,2,3, Arsen Hayrapetyan 1,2,4 1 Armenian e-Science Foundation;

News from EUGridPMA EGI OMB, 22 Jan 2013 David Kelsey (STFC) Using notes from David Groep 22/01/20131EUGridPMA News.

Updates of APGrid PMA 18 th EUGridPMA Meeting 18 th EUGridPMA Meeting 18 January, 2010 Eric Yen ASGCCA Taiwan.

29 th EUGridPMA meeting, September 2013, Bucharest AEGIS Certification Authority Dušan Radovanović University of Belgrade Computer Centre.

IHEP Grid CA Status Report F2F Meeting 17 Mar Computing Centre, IHEP,CAS,China.

TNGrid CA 24 th EUGridPMA meeting Ljubljana, Slovenia, January, 2012 Heithem ABBES Mohamed JEMNI

IRAN-GRID Certificate Authority 13 th EUgridPMA Meeting Copenhagen May 2008 Majid Arabgol Hessamdding Arfaei Shahin Rouhani

Self-Audit & Status Report for KEK GRID CA Hiroyuki Matsunaga KEK (High Energy Accelerator Research Organization), Computing Research Center APGridPMA.

26-28 January 2009 – Nicosia, EUGridPMA CALG CP/CPS updates Dana Ludviga LatGrid CA, SigmaNet, IMCS UL.

PKGrid CA Self-Audit 2012 Adeel-ur-Rehman Mansoor Sheikh.

IRAN-GRID CA Self Audit IRAN-GRID CA Self Audit Report Shahin Rouhani IRAN-GRID Tehran Iran Shahin Rouhani Grid Computation Group IPM, Tehran, Iran May.

SSL Certificates for Secure Websites

AEGIS Certification Authority

Implementation of ARIN's Lame DNS Delegation Policy

Updates of the APGrid PMA

UGRID CA Sergii Stirenko, Oleg Alienin

ERO Portal Overview & CFR Tool Training

ColumbiaGrid Planning Meeting RAC/ADS Updates October 13, 2016

Security in ebXML Messaging

Public-Key Certificates

SCC P2P – Collaboration Made Easy Contract Management training

Resource Certificate Profile

WG Document Status Compiled By: Lou Berger, Vishnu Pavan Beeram

MaGrid CA Self audit and update

and the SHA-1 depreciation time line and status

<month year> doc.: IEEE < e> <September 2018>

NATIONAL CENTRE FOR PHYSICS PK-Grid-CA

Certificate Revocation

Emir Imamagić University Computing Centre (Srce)

Bill Yau HKU Grid Certificate Authority (HKU Grid CA) Self Audit & Status Report Bill Yau

MyIFAM CA Self-Audit Report APGridPMA F2F Meeting 1/4/2019

KISTI CA Report Status & Self-Audit

BG.ACAD CA Self-audit report 2018

Q: How do I view and upload a document?

OCSP Requirements GGF13.

Presentation transcript:

HKU Grid Certificate Authority (HKU Grid CA) CP/CPS Reviewer’s Comments Bill Yau (billyau_hpc@hku.hk)

Timeline (20th F2F Meeting) – Draft CP/CPS 3.0 Submitted for Review 19 Oct – 23 Nov: 1st Round Review 14 Feb – 20 Feb: 2nd Round Review Sibling APGridPMA CAs Involved: KISTI, KR (Sang-Un) IGCA, IN (Santhosh)

Summary of Approved Changes “Computer Centre” has been removed from Document Title and HKU Grid CA title [1.2][1.6.1] Document Version has been changed to 3.0 [1.2] Document Date has been changed to 9 February 2018 [1.2] CP/CPS OID has been modified [1.2][7.1.2] OCSP service have been added [1.3.3] [1.6.1] [3.1.5][3.2.3][4.1.2][4.9.9][4.9.10][6.3.2][7.1.2] New version of “Guidelines on Private Key Protection” has been used as reference [1.3.3][4.1.2] Purposes of certificate use has been revised [1.4.1] URL of CA root certificate and CRL have been modified [2.2][7.1.2]

Summary of Approved Changes Direct contact in person has been added as a way of certificate revocation request [3.4][4.9.3] Certificate enrollment/rekey process have been revised [4.1.2][4.7.3] Length of user/host keys has been updated to at least 2048 bits long [4.1.2][6.1.5] CA’s key pair length has been updated to 4096 bits [6.1.5][7.1.3] Record retention period has been changed to 3 years [5.4.3][5.5.2] Email for Issuer Alternative Name has been changed to gridca@hku.hk [7.1.2] CN of issuer name form has been updated to “HKU Grid CA 2” [7.1.4] Minor grammatical error have been corrected [1.3.2][1.3.3][1.3.4] Section of Bibliography has been removed

Some Feedback on Comments Few minor corrections might be still required as follows: 1) Document titles in front page and in Section 1 are not identical 2) Links are broken - http://ca.grid.hku.hk/cacert/cacert2.pem - http://ca.grid.hku.hk/crl/cacrl2.pem - http://ca.grid.hku.hk/crl/cacrl2.der - http://ca.grid.hku.hk/pki/pub/cacert/cacert2.crt This CP/CPS version 3.0 is planned to be used on a new host which is not online yet, thus these paths are currently empty. The addresses would be populated when the host is online (and start signing certificates).