eugridpma-announce June 2011

eugridpma-announce@nikhef.nl

1 participants
2 discussions

Updated IGTF distribution 1.40 (hotfix)
by David Groep 28 Jun '11

28 Jun '11

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.40 available The meta-data for the Uni-Andes CA of Colombia introduced in release 1.39 contained an incorrect fingerprint of the certificate in the associated meta-data (".info") file. The actual certificate shipped for this CA (OpenSSL v0.x hash: fc1898ec) was correct and has not changed. The SHA1 fingerprint for this CA should read 00:B7:AA:54:AE:7B:1D:BE:FB:40:F4:68:02:85:5F:73:01:83:B6:0D The 1.40 release corrects this meta-data file. ========================================================================= 1. Updated IGTF distribution version 1.40 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.40, release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ *** note that the default format is now OpenSSL v1 compatible *** Changes from 1.39 to 1.40 ------------------------- (28 June 2011) * Corrected fingerprint meta-data for UniAndes CA (CO) Changes from 1.38 to 1.40 ------------------------- (27 June 2011) * Change of contact address for NAREGI CA (JP) * Change of contact address for GermanGrid CA (DE) * Added accredited classic HIAST CA (SY) * Added accredited classic Uni Andes CA (CO) * Extended life time of root certificate for SiGNET-CA (SI) * Extended life time of root certificate for Grid-Ireland (IE) * New issuing certificates (2A, 2B) for UKeScience (GB) * Updated extensions for DOEGrids-CA-1 issuing CA (US) Changes to unaccredited information: * Added experimental DZeScience CA (DZ) * Extended life time for unaccredited Benelux and NE tutorial CA cert and re-rooted namespace to new domain name (NL,BE) * Added worthless replacement gilda 2011 CA (IT) Debian APT support ------------------ The IGTF distributed the trust anchors in various formats. This release adds an 'apt' compliant repository for Debian-based distribution as an experimental service. For details, see https://dist.eugridpma.info/distribution/igtf/current/dists/README.txt Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national grid infrastructure, EGI, OSG, PRACE-RI, DEISA, NAREGI or others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updates substantially. Current estimated but the next release of the distribution in Septmber 2011. Dual-hash OpenSSL v1 support ---------------------------- This distribution comes in two (2) formats. The primary format for this release supports OpenSSL v1 and is designed to be backwards compatible with the old distribution format. If you experience issues with the new format, the old non-OpenSSL-v1 version is still available at https://dist.eugridpma.org/distribution/igtf/current-old/ but you should upgrade as soon as practically possible. Subsequentl releases may withdraw this legacy format without further notice. For more information, please refer to the February 15th 2010 newsletter: https://www.eugridpma.org/newsletter/eugridpma-newsletter-20100215.txt ========================================================================= REPEATED NOTICES ========================================================================= This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.39 and migration to Fetch-crl version 3
by David Groep 27 Jun '11

27 Jun '11

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.39 available - Changes in 1.39 - Debian APT support - Use in coordinated-deployment infrastructures - Next release - Dual-hash OpenSSL v1 support 2. New version 3 of the CRL retrieval tool Fetch-crl We STRONGLY ADVISE everyone to upgrade to Fetch-crl version 3. It is necessary for out-of-the-box OpenSSL v1 support and brings significant stability improvements and has features for resilience. Download it from https://dist.eugridpma.info/distribution/util/fetch-crl3/ ========================================================================= 1. Updated IGTF distribution version 1.39 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.39, release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ *** note that the default format is now OpenSSL v1 compatible *** Changes from 1.38 to 1.39 ------------------------- (27 June 2011) * Change of contact address for NAREGI CA (JP) * Change of contact address for GermanGrid CA (DE) * Added accredited classic HIAST CA (SY) * Added accredited classic Uni Andes CA (CO) * Extended life time of root certificate for SiGNET-CA (SI) * Extended life time of root certificate for Grid-Ireland (IE) * New issuing certificates (2A, 2B) for UKeScience (GB) * Updated extensions for DOEGrids-CA-1 issuing CA (US) Changes to unaccredited information: * Added experimental DZeScience CA (DZ) * Extended life time for unaccredited Benelux and NE tutorial CA cert and re-rooted namespace to new domain name (NL,BE) * Added worthless replacement gilda 2011 CA (IT) Debian APT support ------------------ The IGTF distributed the trust anchors in various formats. This release adds an 'apt' compliant repository for Debian-based distribution as an experimental service. For details, see https://dist.eugridpma.info/distribution/igtf/current/dists/README.txt Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national grid infrastructure, EGI, OSG, PRACE-RI, DEISA, NAREGI or others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updates substantially. Current estimated but the next release of the distribution in September 2011. Dual-hash OpenSSL v1 support ---------------------------- This distribution comes in two (2) formats. The primary format for this release supports OpenSSL v1 and is designed to be backwards compatible with the old distribution format. If you experience issues with the new format, the old non-OpenSSL-v1 version is still available at https://dist.eugridpma.org/distribution/igtf/current-old/ but you should upgrade as soon as practically possible. Subsequentl releases may withdraw this legacy format without further notice. For more information, please refer to the February 15th 2010 newsletter: https://www.eugridpma.org/newsletter/eugridpma-newsletter-20100215.txt ========================================================================= 2. New version 3 of the CRL retrieval tool available ========================================================================= Downloading CRLs is a critical component in keeping the integrity and security of the trust fabric -- and CRLs should be updated frequently (preferably several times per day). To facilitate automated retrieval of certificate revocation lists (CRLs) by relying parties, the 'fetch-crl' utility is distributed by the IGTF. This tool has been redesigned completely to incorporate new features: - support for OpenSSL version 1 and dual-hash trust anchor naming - parallel downloads to speed up retrieval (from minutes to seconds) - built-in caching support to reduce bandwidth consumption - site- and infrastructure-level fail-over and override mechanisms Relying parties are encouraged to upgrade to this new version 3, available from the EUGridPMA web site and from popular Linux distribution (add-on) repositories such as Fedora, Debian and EPEL. Fetch-crl3 is independent of any software suite and can be used in conjunction with all popular OpenSSL, BouncyCastle and NSS based products. https://dist.eugridpma.info/distribution/util/fetch-crl3/ The documentation and full list of features can be found at http://www.nikhef.nl/grid/fetchcrl3/ Fetch-crl3 is made available under the Apache License version 2.0. The 2.8 series fetch-crl will remain supported until Q2 2012 but new features will no longer be added. The 2.7 series is no longer supported. ========================================================================= REPEATED NOTICES ========================================================================= This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

eugridpma-announce June 2011