On Mon, 13 Jun 2005, Alessandra Forti wrote:
> Hi Andrew,
>
> what scares me is not this incident in particular. It is the fact that
> there is no infrastructure to face a hypothetical real incident. All we
> got was someone writing to LCG-ROLLOUT saying: "there is an urgent need to
> blacklist a certificate please advise". I haven't seen 1 answer that was
> pointing to official documentation saying how to blacklist a certificate
> and what procedure to follow. Is there any doc about it? :(
But if that existed, the OP would have followed it and we might never have
heard there was a problem...
http://gridpp.rl.ac.uk/deployment/security/inchand/index.html
has a plethora of incident notification options - what puzzles me is that
the obvious place to look
http://proj-lcg-security.web.cern.ch/proj-lcg-security/incident_response.html
doesn't *appear* to have any up-to-date info.
*Was* this issue raised through any other channels (maybe Brunel isn't on
some list that it should be on?)? If the current mechanisms are never
exercised then there's no chance they'll grow into anything useful.
Would some sort of report on this at Durham be appropriate?
Henry
--
Dr. Henry Nebrensky
http://people.brunel.ac.uk/~eesrjjn
"The opossum is a very sophisticated animal.
It doesn't even get up until 5 or 6 p.m."