
1 ASGCCA Self-Audit Report
APGridPMA
Jinny Chien
March 08 2008

2 Outline
ASGCCA basic audit information
ASGCCA audit score list
The detailed audit report
Summary & further plan

3 ASGCCA Self-Audit Info
Time: March 2008
Place: Academia Sinica
Staff: Jinny Chien, Min Tsai, Felix Lee and Eric Yen
Relevant documents: CP/CPS, CA cert, EE cert, host cert and any other documents available to the auditors
Others: CA room, CA machine, etc.

4 A List of Marks for Auditing
According to the result of the examination, each item is scored from A to D, or X, as below.
A: Good
B: Recommendation (minor change)
C: Recommendation (major change)
D: Advice (must change)
X: Could not evaluate (N/A)

5 ASGCCA Self-Audit Status
There are 71 items in total. During this evaluation, ASGCCA got the following scores.
Score A (Good): 57 / 71
Score B (minor change): 10 / 71
Score C (major change): 2 / 71
Score D (must change): 1 / 71
Score X (N/A): 1 / 71
The following reports include only the items scored B to X.

6 The Audit Report Format
Score: The score ASGCCA gets for this item
Diagnosis: Check the relevant documents
Status: The status of ASGCCA now
Solution: The improvement ASGCCA can make
Evaluation: The items of the auditing checklist

7 Self-Audit Detailed Report (1)
Score: B
Diagnosis: ASGCCA CP/CPS
Status: The ASGCCA CP/CPS is structured according to RFC 2527.
Solution (In progress): We plan to modify the current CP/CPS this year, and the new CP/CPS will follow RFC 3647.
Evaluation: The CP/CPS document is structured according to RFC 3647

8 Self-Audit Detailed Report (2)
Score: D
Diagnosis: ASGCCA CA certificate and CRL
Status: The CA's cert and CRL state that the signature algorithm is MD5. (In particular, MD5 must not be used.)
Solution (In progress): Use another signature algorithm such as SHA1 and add it to the annual CA schedule.
Evaluation: The message digests of the certificate and CRLs generated

9 Self-Audit Detailed Report (3)
Score: B
Diagnosis: CA certificate and EE certificates
Status: The CA cert and EE cert are compliant with the current Grid Certificate Profile, but there is an MD5 problem that must be resolved.
Solution (In progress): Use another signature algorithm such as SHA1 and add it to the annual CA schedule.
Evaluation: CA cert and EE cert must comply with the IGTF and OGF profile

10 Self-Audit Detailed Report (4)
Score: B
Diagnosis: ASGCCA CRLs
Status: There is no description in the current CP/CPS, and we use CRL version 1.
Solution (In progress): Check the CRL profile and modify the current CP/CPS.
Evaluation: The CRLs must be compliant with RFC 3280 and use version 2 (recommended)

11 Self-Audit Detailed Report (5)
Score: C
Diagnosis: ASGCCA CP/CPS
Status: The ASGCCA CP/CPS does not describe the transition procedure.
Solution (Done): We modified the current CP/CPS and added this information to version 2.1.
Evaluation: The CP/CPS describes the transition of the CA's cryptographic data

12 Self-Audit Detailed Report (6)
Score: A
Diagnosis: ASGCCA CA certificate
Status: The old and new ASGCCA CA lifetimes are no longer than 20 years. However, our CP/CPS only states a 5-year limit.
Solution (Done): We modified the current CP/CPS and added this information to version 2.1.
Evaluation: The CA lifetime must be no longer than 20 years

13 Self-Audit Detailed Report (7)
Score: B
Diagnosis: Certificates
Status: We have re-key procedures which are described on the CA web page but not in the CP/CPS.
Solution (Done): We modified the current CP/CPS and added this information to version 2.1.
Evaluation: The rekey process is described in the CP/CPS

14 Self-Audit Detailed Report (8)
Score: B
Diagnosis: Audits and CP/CPS
Status: There is more information about the compliance audit, but no information describing how we audit RAs.
Solution (Done): We modified the current CP/CPS and added this information to version 2.1.
Evaluation: The CA performs operational audits of the CA/RA on a regular basis

15 Self-Audit Detailed Report (9)
Score: B
Diagnosis: Host certificate
Status: Users directly access the secure web page to generate FQDNs. Then the CA will verify this request with the RAs.
Solution (Done): User -> RA -> CA. This information must be added to version 2.1.
Evaluation: How does the RA verify the FQDN of the host certificate

16 Self-Audit Detailed Report (10)
Score: B
Diagnosis: CA and RA
Status: ASGCCA uses signed mail between the CA and RA, but this information is not in the current CP/CPS, only on the web.
Solution (Done): Added the details to the draft version 2.1.
Evaluation: The secure communication between CA and RA

17 Summary & Further Plan
ASGCCA will resolve the following problems in 2008:
1. MD5 problem on all certificates from ASGCCA
2. The CP/CPS is compliant with RFC 3647
3. CRL profile is compliant with RFC 3280
4. Publish the new version of the CP/CPS

18 Reference
ASGCCA web: http://ca.grid.sinica.edu.tw
The current CP/CPS: http://ca.grid.sinica.edu.tw/publication/index.php#CP/CPS
The revised CP/CPS version 2.1
The Audit Report

19 Any questions?
Thanks for listening

