Hi Dennis,
What I find missing is a method for revocation of an endorsement. Simply removing it from the endorsed list is not enough; there should be a signed statement saying 'I no longer endorse this combination, for this and this reason' and these should probably be distributed like CRLs.
It was a very conscious choice of the working group to make revocation as simple as removing it from the endorsed list. Can you elaborate on why you think this is not enough?
Perhaps there should be automatic and/or implicit revocation, or at least expiry of a base system. When a security flaw is discovered, all the base systems that suffer it should no longer be used. And neither should any combination derived from them.
If I remember correctly the expiry is mentioned somewhere in the policy. If an image is no longer on the endorsed list, it won't be used anymore since the lists are checked before a VM is booted.
Thanks, Sander
Dear all,
The updated draft (V1.2) of the Virtualisation Policy may be found at the JSPG wiki...
http://www.jspg.org/wiki/Policy_Trusted_Virtual_Machines
I also attach a PDF version just in case this is not reachable.
Lots of things to be discussed I am sure :=)
For discussion tomorrow.
Regards Dave
Dr David Kelsey Particle Physics Department Rutherford Appleton Laboratory Chilton, DIDCOT, OX11 0QX, UK
e-mail: david.kelsey@stfc.ac.uk Tel: +44 (0)1235 445746 (direct) Fax: +44 (0)1235 446733
-- D.H. van Dok :: Software Engineer :: www.nikhef.nl :: www.biggrid.nl Phone +31 20 592 22 28 :: http://www.nikhef.nl/~dennisvd/