Dear CAs, Relying Parties, Users, and all others interested,
In this announcement of the EUGridPMA:
-1- New CA distribution v0.27 available
-2- Update of the Minimum Requirements for Accreditation (v3.2)
Release 0.27 of the CA distribution available
---------------------------------------------
A new distribution of Accredited Authorities by the EUGridPMA, release
version 0.27, is now available for download from the EUGridPMA Repository
https://www.eugridpma.org/distribution/current/
Please download the new packages and install them at your earliest
convenience, since the new package includes upgrades to some of the
existing CAs as well (CNRS Grid-FR and CyGrid) and it fixes a problem
with the use of the UK e-Science CA with recent versions of the OpenSSL
package.
Changes from 0.26 to 0.27 (22 February 2005):
* added additional entry to UKeScience signing policy file to accomodate
openssl 0.9.7c rendering of emailAddress component in the subject DN
* updated DutchGrid CA cert from web site: extended lifetime to 2021 and
changed digest algorithm from MD5 to SHA1
* added a tar-ball distribution with a configure scrfipt for convenience
* Removed DOESG-Root from the accredited CA list, as per request of of
the CA on January 28, 2005. There are no certs left issued by this CA.
* Added Grid-FR CA by CNRS, and extended the signing_policy file of the
associated CNRS-Projets CA.
* A new root certificate for the CyGrid CA (with a new subject name). The
old CyGrid CA has been moved to "-old". Both are in the accredited list.
The next release (0.28) of the CA RPMs is expected for the end of March 2005.
Update of the Minimum Requirements for Accreditation
----------------------------------------------------
The Minimum Requirements guidelines document has been clarified and
elaborated in several places, bringing it better in line again with the
common minimum requirements that are coordinated globally via the
International Grid Federation (IGF) and to make them less ambiguous.
This does not alter the meaning of the requirements in any way.
Thew new version of the document (v3.2) is also available from the
web site at
http://www.eugridpma.org/guidelines/
The changes are:
* better synchronisation with the APGridPMA guidelines (and our own
version 2.1) regarding recovation of certificates.
* clarification of wording regarding the uniqueness of subject names
* a list of CA and RA personnel must now be explicitly maintained
* worded more carefully what the PMA expects regarding scope of new CAs,
and the expected level of commitment and sustainability of member CAs
* the description of the profile of end-entity certificates, that
was in section 4, has been made explicit in a new subsection
4.1. New requirements in this area include a compulsory inclusion
of the CRLDistributionPoints extension, and also AuthorityInfoAccess in
case the CA operated a production-level OCSP responder.
* the use of MD5 has been depricated
Regards,
David Groep.
PS: to leave this mailing list, please visit the EUGridPMA link below and
look at the Subscriber options at the bottom of the page:
http://mailman.eugridpma.org/cgi-bin/listinfo/eugridpma-announce
