DR J Jensen, STFC Chief Soapbox Officer 23 May 2017
From an old UK e-Science CA doc

| CA services | Description | Base address | Av | Int | Conf | Prod |
|---|---|---|---|---|---|---|
| S0 | Network (not part of CA but online services depend on it) | N/A | 3 | 1 | 1 | 3 |
| S1 | CA web site, containing repository information, documentation, CP/CPS, and other documents | www.ngs.ac.uk/certoverview | 2 | 2 | 1 | 4 |
| S2 | Helpdesk | support@grid-support.ac.uk | 2 | 2 | 1 | 4 |
| S3 | Contact email addresses | e.g., ca-operator@grid-support.ac.uk | 2 | 1 | 1 | 2 |
| S4 | CRL server | crl.ca.ngs.ac.uk | 3 | 1 | 1 | 3 |
| S5 | Online request service | https://ca.grid-support.ac.uk/ | 2 | 2 | 2 | 8 |
| S6 | Renewal and admin (RA) interface | https://ca-admin.grid-support.ac.uk/ | 2 | 2 | 2 | 8 |

Additional base addresses on the slide: (web1.ca.ngs.ac.uk), ca.grid-support.ac.uk

Department for Mad Science
| CA services | Description | Base address | Av | Int | Conf | Prod |
|---|---|---|---|---|---|---|
| S7 | CA Operator interface | https://ca-ra.grid-support.ac.uk/ | 1 | 2 | 3 | 6 |
| S8 | Online server database | N/A | 2 | 3 | 3 | 18 |
| S9 | A notification service which sends email to people | N/A | 1 | 2 | | |
| S10 | Offline signing service | N/A | 1 | 3 | 3 | 9 |
| S11 | Offline RA database (letters archive) | N/A | 1 | 3 | 3 | 9 |
| S12 | DNS/Internal | Can store or cache locally | 1 | 3 | | |
| S13 | DNS/External | | 3 | 2 | 1 | 6 |
| S14 | Web start host | | 2 | 1 | 1 | 2 |
| CA services | Description | Base address | Av | Int | Conf | Prod |
|---|---|---|---|---|---|---|
| P1 | People: signing operators | | | | | |
| P2 | People: support staff | | | | | |
| P3 | People: policy/admin | | | | | |
| S17 | People: software support | | | | | |
Protecting a ROOT KEY
Protecting a Root Key
• Number of physical copies?
• How are they encrypted?
• Where are they physically stored?
  – Off site?
• Who can release the key?
• What is required to release the key?
  – E.g. m-of-n, such as SSSS (which needs some thought)
• How to keep knowledge, testing?
  – E.g. root CRL issuance
  – Frequency of doing so