1. INFN CA1 active since July 1998 http://security.fi.infn.it/CA/ manager: –Roberto Cecchini types of certificates released: –personal –server –object signing CRLs generated every week LDAP support in preparation

2. INFN CA2 Policy personal certificates –request via web browser (Netscape or IE) –phone check by the CA –sign, send url (by e-mail) and download server & object signing –request (by e-mail) signed by a personal certificate –sign and send (by e-mail)

3. INFN CA3 CA coordination only one (European?) CA –very difficult to verify user identity many CAs –how to establish mutual trust relationship? hierarchical structure –a top CA trusted by all requirements –common policy guidelines –common security requirements –periodic checks?