Re: [AG-TECH] Per-node certificates

[Christoph Willing <willing@itee.uq.edu.au>]

> > -----Original Message-----
> > From: owner-ag-tech@mcs.anl.gov [mailto:owner-ag-tech@mcs.anl.gov]On
> > Behalf Of Steve Smith
> > Sent: Tuesday, February 01, 2005 9:51 PM
> > To: ag-tech
> > Subject: [AG-TECH] Per-node certificates
> >
> >
> > Hi,
> >
> > Is there any plan to re-institute per-node AG2 certificates, and if 
> > not
> > what's the current accepted practise for multi-user, multi-machine 
> > node
> > setups?
> >
> > Cheers,
> > Steve
On 05/02/2005, at 4:42 AM, Steve Gallo wrote:

> I believe that you can use an anonymous certificate, although
> I think that there are some restrictions on what you can/can't
> do with them.
That is a good use for Anonymous certificates. Their potential 
shortcoming is if/when ACL's are used for secure meetings (very rarely 
done so far). If I were setting up a secure meeting room, my first 
general "deny" rule would be aimed at any Anonymous certificate. Mind 
you, I'm not sure that thats possible with the current ACL's, but an 
ideal system should "allow" or "deny" classes of certificate such as 
Anonymous.

chris


Christoph Willing                        Ph: +61 7 3365 8350
QPSF Access Grid Manager
University of Queensland