Dear CAs, Relying Parties, Users, and all others interested,
In this announcement of the EUGridPMA:
1. New distribution (0.32) with repairs and updated root cert
We hope that you find this update useful and welcome any comments you
may have. Also, feel free to redistribute this information widely as
you see appropriate.
Regards,
David Groep
For more information about this newsletter and the mailing list,
please refer to the EUGridPMA web site at https://www.eugridpma.org/
=========================================================================
1. New distribution version 0.32
=========================================================================
A new distribution of Accredited Authorities by the EUGridPMA, release
version 0.32, is now available for download from the EUGridPMA Repository
https://www.eugridpma.org/distribution/current/
Note that this updates the previous release that was issued three days
ago. There are two reasons for this update:
* The Russian Data Intensive Grid (RDIG) CA has released a new
root certificate with a key length of 2048 bits. The
previous key (4096 bits in length) caused problems in various
software suites, in particular some Java implementations.
NOTE that the hash remains unchanged, and the previous web locations
will be re-used. In the transition period, you may encounter
inconsistencies between the new CA cert and the (still old) CRL
downloaded from the crl_url. This inconsistency has no other
security impacts than to render the CA inactive, i.e., this is a
safe default.
* The signing policy file for the new CESNET CA was incomplete and
left out the namespace that was actually in use. The correct
namespace is /DC=cz/DC=cesnet-ca/*.
Notice:
*ONLY* CAs IN THE "accredited/" DIRECTORY and
THE CAs INSTALLED USING THE ca_policy_eugridpma-0.32-1.noarch.rpm
ARE ACCREDITED
Do *not* install certificates from the "worthless/", "other/",
or "discontinued/" directories, except if you yourself review
and accept their policy and practice statement. The EUGridPMA
provides these certificates in this format for your convenience
only, and to allow graceful changeover for legacy installations.
You can download the new packages and install them at your convenience.
Changes from 0.31 to 0.32
-------------------------
(23 August 2005)
* Corrected namespace for the new CESNET CA
* New RDIG root certificate with a 2048 bit key length for increased
compatibility with existing software suites.
For those using an RPM-based Linux distribution, a "meta-RPM" is available
from the repository, ca_policy_eugridpma-0.32-1.noarch.rpm, that contains
dependencies on the RPMs of all accredited CAs. The repository is
suitable for "yum" based automatic updates.
This is the first RPM distribution that will (on an experimental basis)
use GPG-signed RPMs. The key (ID 3CDBBC71) has been uploaded to
the public key servers, along with my signature as the EUGridPMA
Chair (keyID 6F298418). The key is also contained in the repository.
The next release of the CA RPMs is to be expected around October 2005
(of course barring special circumstances). The format of those new releases
is currently under consideration. If you want to contribute to the
discussion or to suggest improvements to have it better suit your needs,
please contact the PMA at <info(a)eugridpma.org>. There will be a common
distribution format across the entire IGTF (i.e. all three PMAs).
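
Added example, not part of the announcement or of the EUGridPMA distribution: a simplified Python model of how relying-party software checks a certificate subject against the cond_subjects namespace of a signing policy file, showing why a file that omits the namespace in use rejects that CA's certificates. The policy text, the CA subject DN, the placeholder namespace and the user DNs are constructed; only /DC=cz/DC=cesnet-ca/* comes from the announcement.

```python
import re
import shlex

# Constructed signing policy text in the Globus EACL style. The CA subject DN
# and the wrong namespace are illustrative; only /DC=cz/DC=cesnet-ca/* is
# taken from the announcement.
INCOMPLETE = """\
# constructed sample policy
access_id_CA X509 '/DC=cz/DC=cesnet-ca/CN=Example CA'
pos_rights globus CA:sign
cond_subjects globus '"/DC=cz/O=Example/*"'
"""
CORRECTED = INCOMPLETE.replace("/DC=cz/O=Example/*", "/DC=cz/DC=cesnet-ca/*")


def parse_namespaces(policy_text):
    """Return the subject patterns listed on cond_subjects lines."""
    patterns = []
    for line in policy_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # removes the outer single quotes
        if len(fields) >= 3 and fields[0] == "cond_subjects":
            # The third field holds one or more double-quoted patterns.
            patterns.extend(shlex.split(fields[2]))
    return patterns


def subject_allowed(subject_dn, patterns):
    """True if the DN matches a pattern; '*' matches any run of characters."""
    for pat in patterns:
        regex = ".*".join(re.escape(part) for part in pat.split("*"))
        if re.fullmatch(regex, subject_dn):
            return True
    return False


def check(policy_text, subject_dn):
    """Parse the policy and test one subject DN against its namespaces."""
    return subject_allowed(subject_dn, parse_namespaces(policy_text))


if __name__ == "__main__":
    dn = "/DC=cz/DC=cesnet-ca/O=Example Org/CN=Example User"  # constructed
    print("incomplete policy accepts:", check(INCOMPLETE, dn))
    print("corrected policy accepts: ", check(CORRECTED, dn))
```
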