TACAR Updates version 1.4.3
David Groep, NIKHEF
TACAR Aims
• Trusted and Centralized place for obtaining CA root certificates
  • for download by users for use in browsers, mailers &c
  • for validation of roots obtained by other means
• Not meant for policy validation
  • no minimum policy or technical requirements to get in
  • but CAs can be grouped (i.e. by IGTF AuthN Profile)
• Focus on validation of the organisation that submits the root certificate(s)
TACAR immediate role for the IGTF
• Authentic source of the trust anchors that go into the other distribution formats
  • helps those constructing the distribution …
• Independent check for IGTF re-distributors
  • although still not all CAs are in TACAR …
Getting into it
• Has been perceived “too slow”, or “impractical”
  • previously, a F2F meeting with a TERENA Officer (Licia) was required
  • is about to change … see next slides
• has been perceived as “difficult”, or “too much work”
  • there is indeed paperwork to be done
  • that brings added value as an independent validation point
• New policy to address some of these concerns
Paperwork required
• Prepare a CD-ROM with
  • your root certificate
  • CP and/or CPS documents (PDF format)
  • Copy of Registration Letter
    • list of the root certificates and meta-data
    • name &c of the CA organisation
    • name of the CA representative
  • Copy of Accreditation Letter
    • list of administrators and managers allowed to make updates to TACAR for that CA
    • A Direct Responsible Person as an ultimate SoA
• Paper versions of the Registration and Accreditation Letter
• If you want to update this data electronically
  • PGP keys, cross signed with the TACAR representative
  • PGP signed versions of all of the above
New in v1.4.3: Trusted Introducers
• Formerly all this had to be done with a TERENA Officer
• Now, you can do it with a Trusted Introducer as well
  • appointed by the TACAR Community
  • one per CA coordinating body/organisation
  • that regularly meets CA representatives
• TI then has to do all the work with Licia afterwards
Implementation
• Policy v1.4.3 has been discussed extensively
  • Latest draft 22 Nov 2006
  • No comments received on TF-EMC2 after that
• with EUGridPMA acceptance, majority of TACAR Community will have agreed
• Will hopefully get everyone into TACAR this time …