Published by Harvey Hall. Modified over 9 years ago.
1
Sam Morrison APAC CA – APGridPMA - ISGC2010
APAC CA Self Audit and status update
Sam Morrison
sam.morrison@arcs.org.au
ARCS
2
Info
APAC Certification Authority
– Classic CA Profile
– Accredited Feb 2006
– Lifetime 10 years
– Expires 2016
– Now run by ARCS
CA Location
– Melbourne AUS
Software
– OpenCA (old version)
3
Status
People
– 3 CA Staff (Sam, Andy, Russell)
– 47 RA Operators
Issued (to date)
– 942 User
– 1294 Host
4
Current Valid Certificates
User: 179
Web Server: 329
RA Operators: 37
Total 544 (2 CA Operators)
5
Issuing Trend
6
Self Audit
Using guidelines for Auditing Grid CAs version 1.0
7
46 - B
The profile of the end entity certificates must also comply with the current IGTF and OGF certificate profile guidelines before being included in any distribution of certificates.
– CPS wasn't changed to show changes to End Entity certs in relation to extra OIDs
– Certificates were changed, just not reflected in CPS
8
B - 56
A list of CA and RA personnel should be maintained and verified at least once per year.
CA Staff have changed
– Manager changed from David Bannon to myself. (section 1.3)
RA Operator list needs to be verified more frequently
9
38 - C
The message digests of the certificates and CRLs must be generated by a trustworthy mechanism, like SHA1 (in particular, MD5 must not be used).
– Still using MD5 (1 of a couple CAs still out there)
– Still working on modifying software to deal with this.
10
17 - D
The pass phrase of the encrypted private key must also be kept on off-line media, separated from the encrypted private keys and guarded in a secure location where only the authorised personnel of the CA have access. Alternatively, another documented procedure that is equally secure may be used.
– Wasn't the case. (Was destroyed when we replaced safes)
– Is now back in place
11
X - 8
The CP/CPS documents should be structured as defined in RFC 3647.
– Still use 2527
– No plan to change
12
X - 49
Certificates associated with a private key residing solely on hardware token may be renewed for a validity period of up to 5 years (for equivalent RSA key lengths of 2048 bits) or 3 years (for equivalent RSA key lengths of 1024 bits).
– Don't provide specific support for hardware tokens
13
Self Audit Summary
71 As
2 Bs
1 C
1 D
2 Xs
14
Updated CPS - V1.5
http://wiki.arcs.org.au/bin/view/Main/CaPolicy_1_5
1.1 – Change APAC to ARCS
1.3 – Change manager to Sam Morrison, Change APAC to ARCS
1.4 – Change contact email
7.1.2 – Add New OIDs to certificate extensions