Surely the issue is that anyone with a host certificate is then on the
path to having Globus proxy certificates end up on their host, which
they would then have access to and could potentially exploit. For that
reason, the level of "trust" in someone who is issued a host
certificate, I would have thought, needs to be higher than for a person
who requires just a regular user certificate.
Ian
David Colling wrote:
> OK, in a society as geeky as ours, it had to happen sooner or later. I
> have a request from a somebody (not me for those of you trying to guess)
> at Imperial for a host certificate. I must admit that I cannot see any
> reason not to approve it. The machine has a unique IP address, reverse
> DNS identifies it correctly, the user who has requested the certificate
> is the person who administers the machine etc.
>
> Anyway, before proceeding I thought that I would email this list where
> people who know the rules better than me can comment.
--
Ian Stokes-Rees [log in to unmask]
Particle Physics, Oxford http://grid.physics.ox.ac.uk/~stokes
|