Sounds OK, David.
All the CA requires is that the request was made by the person
responsible for the machine; that the DNS name in the request
matches that of the host.
(Well, and that they keysize is >= 1024 bits, that the signature
was made with the corresponding private key, that the request
is PKCS#10 or SPKAC formatted, that the exponent is 65537 (or at
least not 3), etc.)
People have previously requested certificates for their home
machines, and that is fine, although it may be harder to prove
that they are responsible for the service.
Is there any reason why you would think this would be suspicous?
Please email me (on list or directly) if you have concerns.
Cheers,
--jens
-----Original Message-----
From: Testbed Support for GridPP member institutes
[mailto:[log in to unmask]]On Behalf Of David Colling
Sent: 21 October 2006 13:29
To: [log in to unmask]
Subject: Host certificate for home machine
OK, in a society as geeky as ours, it had to happen sooner or later. I
have a request from a somebody (not me for those of you trying to guess)
at Imperial for a host certificate. I must admit that I cannot see any
reason not to approve it. The machine has a unique IP address, reverse
DNS identifies it correctly, the user who has requested the certificate
is the person who administers the machine etc.
Anyway, before proceeding I thought that I would email this list where
people who know the rules better than me can comment.
So comments please...
All the best,
david
|