Changes between Version 10 and Version 11 of GID

Show
Ignore:
Author:
ricci (IP: 166.70.37.238)
Timestamp:
04/23/08 18:32:51 (2 years ago)
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • GID

    v10 v11  
    2121   * Can there be more than one certificate bound to a particular GID (possibly serially, not in parallel)? 
    2222 
     23 
     24=== GID a Certificate === 
     25 
     26The idea: An entity's GID is a certificate binding a UUID to a public key 
     27 
     28Pros: 
     29   * It's what is currently in the GENI docs, so is most likely to be inter-operable with other implementations 
     30   * Self-certifying 
     31 
     32Cons: 
     33   * The certificate includes an expiration date, and if we were to renew a certificate by creating 
     34     one with a later expiration date, this would constitute the creation of a new identity, unrelated  
     35     at an architectural level to the previous one.  
     36   * It also ties identity strongly to the authority that has signed the certificate - ie. if my  
     37     institution signed my GID, and I change institutions, I have to get a new identity (or my old institution must 
     38     continue vouching for my identity.) 
     39   * If an entity needs to change its public key for any reason - ie. a real or suspected   
     40     compromise of its private key, this also requires a new identity. 
     41 
     42     Rob says: 
     43          There are plenty of best-practices reason I might want to change keys. 
     44          Obviously if my private key is compromised or lost, I need to change 
     45          it, but there are many reasons short of these I might want to change 
     46          my keypair. We change passwords routinely in case they've been 
     47          compromised and we don't know it. If someone breaks into my machine, 
     48          no matter what the vector, I change my passwords and ssh keys just in 
     49          case. By tying identity and authentication, we (strongly) discourage 
     50          GENI users from using these best practices, which doesn't seem like a 
     51          good idea. 
     52 
     53          This feels to me kinda like making my UID = my password hash: it just 
     54          doesn't seem like a good idea. 
     55 
    2356=== GID as Hash of Public Key === 
    2457 
    2659 
    2760Pros: 
    28    * It's what is currently in the GENI docs, so is most likely to be inter-operable with other implementations 
     61   * ~~It's what is currently in the GENI docs, so is most likely to be inter-operable with other implementations~~ 
    2962   * Self-certifying: because the GID is generated from the public key, anybody can generate a certificate for a given GID, but only someone who hold the matching private key can actually use it. This keeps it safe from misbehaving/compromised authorities 
    3063   * Transferrable: If someone moves to a different authority (say, a different institution), they can get a certificate for the same GID from their new authority