[Smwg] TGFT certificate management prototype and recommendations

Eddy, Wesley M. (GRC-LCI0)[MTI SYSTEMS, INC.] wesley.m.eddy at nasa.gov
Fri Feb 23 14:01:39 UTC 2018

Just my opinion ...

If mutual authentication is used, I think the certificates should probably be managed machine-to-machine (not per user/group/etc).  I'm not sure if people normally do mutual authentication with self-signed certificates; I would expect either the server organization runs a CA to generate the client certs, or otherwise that the CA cert that generates client certs is trusted by the server.  If there are only a very small number of clients it's probably not important, but if there are a lot of clients, self-signed certificates could be a hassle to manage.

-----Original Message-----
From: SMWG [mailto:smwg-bounces at mailman.ccsds.org] On Behalf Of Ciocirlan Claudia
Sent: Friday, February 23, 2018 8:36 AM
To: Colin Haddow/esoc/ESA <Colin.Haddow at esa.int>; lihu at nssc.ac.cn; liuyurong at nssc.ac.cn; weizhang at nssc.ac.cn; CCSDS SMWG ML (smwg at mailman.ccsds.org) <smwg at mailman.ccsds.org>
Cc: Barkley, Erik J (JPL-3970)[Jet Propulsion Laboratory] <erik.j.barkley at jpl.nasa.gov>
Subject: [Smwg] TGFT certificate management prototype and recommendations

Hello all,

We have decided upon a connectivity test for the end of March between the CNES and the CAS. 

In order to prepare the testing we need to agree on the protocol (which will be HTTPS) and on the certificates.
For the end of March we propose that each entity generates self-signed certificates and sends them to the other party in order to establish the connection; each entity will then be able to make an "https put" of a file or archive. Is that OK for everyone?

That also raises the question of how the certificates will be managed by TGFT. Do we intend to make recommendations in the TGFT, or do we leave that an open subject (how the certificates are going to be managed, generated, by user, by group...)?
For the yellow book regarding the test reports we have identified a section where we will mark down all the inputs used beyond the requirements and the recommendations of the TGFT.

I apologize if this question was already discussed and I am not aware of it.

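Added example, not part of the original thread: the two trust models discussed above (exchanged self-signed certificates versus client certificates issued by a CA the server trusts), compared with the openssl CLI. All names (cnes, cas, newclient, agency-ca, client1, client2) are constructed, the keys are throwaway test keys, and the script checks certificate chains only; in a TLS server the same bundle would be configured as the client-certificate trust store.

```shell
#!/bin/sh
# Added illustration; every name and file below is constructed for the example.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Create a self-signed certificate for CN=$1 (also used for the CA root).
self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Issue a certificate for CN=$2, signed by the CA named $1.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
    -CAcreateserial -days 30 -out "$2.pem" 2>/dev/null
}

# Succeeds if certificate $2 chains to an entry in trust bundle $1.
trusted() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

report() {
  if trusted "$1" "$2"; then echo "$1 -> $2: accepted"
  else echo "$1 -> $2: rejected"; fi
}

# Model 1: exchanged self-signed certificates. The server's bundle must list
# every peer certificate individually.
self_signed cnes; self_signed cas; self_signed newclient
cat cnes.pem > cas_trust.pem            # CAS side trusts the CNES cert only

# Model 2: the server trusts one CA; any client issued by it is accepted
# without touching the server's bundle.
self_signed agency-ca
issue agency-ca client1; issue agency-ca client2
cat agency-ca.pem > ca_trust.pem

report cas_trust.pem cnes.pem           # exchanged peer
report cas_trust.pem newclient.pem      # self-signed cert not yet exchanged
report ca_trust.pem client1.pem
report ca_trust.pem client2.pem
```

With exchanged self-signed certificates, every new client means another edit to each server's bundle; with a CA, the bundle stays at one entry however many clients are issued.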