
1 Communications Ensuring a responsive IGTF community through periodic validation of communication co-supported by the Dutch National e-Infrastructure coordinated by SURFsara, and EGI Core Services

2 Interacting with the IGTF ID providers
Today
- Every 1-6 hours: CRL retrieval
- Every 24 hours: CRL Availability/Reliability check
- Every ~2 years: RAT Communications challenge
but is that enough, and is it ‘healthy’?
17 January January 2019 Interoperable Global Trust Federation

3 Last RAT challenge results
- In a strict interpretation we can say that ~30 % missed out on the requirement to react within one business day – only 70% were compliant
- .. and 13% did not reply at all – and the rechallenge only marginally improved it
- Results communication test 2013: 76 % fulfilled the requirement % failed.
Data: Ursula Epting, KIT

4 Interoperable Global Trust Federation 2005 - 2015
CRL availability
- Retrieved hourly, and assessed 2x per day
- February: 40(!) warnings generated, so 20 fault-days
  - CRL expiration time too close
  - CRL download unavailable at times
- seems like CAs are using the PMA warnings as their calendar – this is not how it should be!
- Warnings are auto-generated and do not require response apart from fixing the issue – so are no measure of communication responsiveness

5 Self-audit status
- At least for EUGridPMA, self-audits are requested for the agenda (3x per year) from those CAs that are ‘due’ for one
- Some requests (to a very small number of CA managers) by the PMA chair lacked any response by
- Might complete non-response be an EUGridPMA-specific issue? EUGridPMA does not have monthly videoconfs …

6 We need to communicate
What do we do with
- Non-responsive CAs and CA managers
- Consistently failing CRLs
- Consistently non-updated CRLs
- Non-response to the RAT challenge within a defined window?
EUGridPMA proposed transparent and consistent process

7 Suspension consistency guidance proposal
What is your view?
- suspend a CA for operational reasons if after N days of commencement of a failure condition it cannot be resolved
  - time starts after the last test, so for an off-line CRL it means it has not been updated for already 60 days
- suspend a CA also after failure to respond to a Communications Challenge for more than N days
- increase the frequency of the RAT Challenges to twice-yearly
- and set the grace period N to 30 days unless specific alleviatory circumstances are communicated

8 Getting more from the RAT CC
Merge in the request for SHA-2 status?
- “Are you issuing exclusively SHA-2 EECs now?”
- “Do you have any SHA-1 certs left today?”
Considerations
- Must be able to respond quickly (1 day) – asking for complex things that need checking might delay response
- Can ask for ACK, later measure follow-up?
So (1) is likely preferred – but your choice!

9 Building a global trust fabric
Questions?

