Dear all,
This is mainly an advance warning that the UK e-Science
CA will not be able to issue certificates on 20-22 Sep.
We have normally 6 people who can sign certificates but
they will all be at the AHM.
I expect someone will issue certificates on the 19th
(not sure who though), but it may be earlier in the day
than usual. If you need certificates for the AHM (check
those validity dates!), try to ensure that your RA has
approved the requests by the 15th (Thursday).
I apologise for any inconvenience (and hope to see you at
the AHM).
Also to thank you for the CA usability feedback, in general
very constructive and useful. The GOSC has in fact planned
to improve usability for some time (for example, we've got a
poster at AHM and a proposal for funding pending).
All your feedback will be taken into account and individual
requests and ideas will be responded to. September is quite busy,
as you know, but I will get back to you by 21 Oct at the latest
with details of how things have improved (by then) and further
immediate plans.
Since we have limited effort until then, I plan to implement
the easiest changes with the largest impact (e.g. send a
response also to the user and not just to the RA, when a
request has been received). And finish things that are already
near completion.
In addition to that, the GOSC has now launched its new web site
on http://www.grid-support.ac.uk/ and the CA web site is
still http://www.grid-support.ac.uk/ca/ as usual. There
may be minor hiccups, so please report any such to the GOSC
on [log in to unmask]
Also, while (if?) I have your attention, I wish to make a few changes
to the CP/CPS. I always have a long todo (and wish-) list, but the
usability feedback has encouraged me to implement some sooner rather
than later.
For example, it appears that RAs sometimes take a more relaxed attitude
to server request verification. According to the CP/CPS, the requestor
must prove his/her identity to the RA also when applying for a host cert,
because a malicious requestor can do damage (even without access
to DNS), so we need to know exactly who owns the request. Consequently
I plan to require that the user presents a user certificate when
applying for a host certificate (thus easing the id step for both RA
and requestor, but of course the RA will still have to verify that
the requestor is responsible for the host, or requestor will have to
prove it). That's the only biggie.
If you have any (further) comments or questions, you're welcome to
follow up to me but I strongly suggest grabbing me at the AHM.
Thanks,
--jens
|