Testbed Support for GridPP member institutes
> On Behalf Of Jensen, J (Jens) said:
> You probably know this but Dave Kant implemented encryption stuff
> for APEL. It takes the DN, adds random stuff which includes
> timestamp IIRC, and encrypts it with an RSA public key and sends
> it off to the central db where it's decrypted. The random
> stuff prevents the same user from being sent as the same
> encrypted message every time...
Is it that hard to crack though? You have a fairly small pool of
possible DNs, and most of the timestamp is predictable.
> Maybe it's ok to say that so-and-so is running a job without
> saying what the job is? The only personal information in the
> DN is the CN, and that's just the name (the OU and L are
> specifically *not* saying anything about affiliation).
For the UK, as far as I remember the data protection act covers anything
which is identifiable as relating to a particular person. Among other
things, for a two-pound fee anyone who stores data about me has to give
me a copy of everything - I wonder how many sites could comply?
Stephen
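
Added example, not part of the thread and not APEL's code: a toy check of the concern raised above, that a small DN pool and a predictable timestamp leave little to guess unless the random part carries real entropy. The unpadded RSA, the toy public key, the DN strings, the timestamps and all function names are assumptions constructed for illustration.

```python
import secrets

# Toy RSA public key from two Mersenne primes: constructed for this demo, not secure.
N = (2**521 - 1) * (2**607 - 1)
E = 65537

def encrypt(dn: str, pad: bytes) -> int:
    """Unpadded RSA over dn || 0x00 || pad; same inputs always give the same ciphertext."""
    m = int.from_bytes(dn.encode() + b"\x00" + pad, "big")
    if m >= N:
        raise ValueError("message too long for modulus")
    return pow(m, E, N)

def pad_timestamp_only(ts: int) -> bytes:
    # Weak case: the only "random stuff" is a timestamp an observer can bound.
    return str(ts).encode()

def pad_with_nonce(ts: int) -> bytes:
    # Corrected case: timestamp plus 128 bits from the OS CSPRNG.
    return str(ts).encode() + secrets.token_bytes(16)

def guessable_dn(ciphertext: int, dn_pool, ts_range):
    """Re-encrypt every (DN, timestamp) guess under the public key and compare.
    Returns the DN that reproduces the ciphertext, or None if no guess does."""
    for dn in dn_pool:
        for ts in ts_range:
            if encrypt(dn, pad_timestamp_only(ts)) == ciphertext:
                return dn
    return None

# Constructed sample data: 20 hypothetical DNs and a 60-second send window.
DN_POOL = [f"/C=UK/O=eScience/OU=Example/CN=user {i}" for i in range(20)]
SENT_AT = 1_100_000_000
WINDOW = range(SENT_AT - 30, SENT_AT + 30)

def demo():
    weak = encrypt(DN_POOL[7], pad_timestamp_only(SENT_AT + 3))
    strong = encrypt(DN_POOL[7], pad_with_nonce(SENT_AT + 3))
    # Only 20 * 60 = 1200 guesses cover the whole weak search space.
    return guessable_dn(weak, DN_POOL, WINDOW), guessable_dn(strong, DN_POOL, WINDOW)

if __name__ == "__main__":
    print(demo())
```

With timestamp-only padding the search space is just pool size times window size; the 128-bit nonce is what removes the match. A standard randomized padding such as RSA-OAEP supplies that entropy without a hand-rolled scheme.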