Dear CAs, Relying Parties, Users, and all others interested,
In this announcement of the IGTF:
1. Unused CESNET CA "9b59ecad" lost CRL generation capability
2. Updated IGTF distribution version 1.46 available
=========================================================================
1. Unused CESNET CA "9b59ecad" lost CRL generation capability
=========================================================================
The obsolete CESNET cA with OpenSSL 0.x hashID "9b59ecad" has recently
lost its capability to generate CRLs. Although this CA was no longer
in active use and has no subscribers left, it was not yet withdrawn from
the IGTF distribution. The last CRL has since expired, and in its current
state the CA is no longer operative. It also has no capability left to
generate a new CRL.
There are no security risks associated with having an expired CRL, and
leaving 1.45 in place does not expose you as a relying party to any
additional risk.
However, no longer having a valid CRL may generate monitoring warnings
in several operational infrastructures. To mitigate this warnings, the
IGTF releases 1.46, which formally obsoletes this CA.
=========================================================================
2. Updated IGTF distribution version 1.46 available
=========================================================================
A new distribution of Accredited Authorities by the EUGridPMA, based
on the IGTF Common Source, is now available. It includes the newly
accredited Authorities by all IGTF Members and retires expiring CA
certificates. This is version 1.46, release 1, and it is now available for
download from the Repository (and mirrors) at
https://dist.eugridpma.info/distribution/igtf/current/
Changes from 1.45 to 1.46
-------------------------
(29 March 2012)
* Removed discontinued CESNET (9b59ecad) CA (CZ)
Debian APT support
------------------
The IGTF distributed the trust anchors in various formats. This release
adds an 'apt' compliant repository for Debian-based distribution as an
experimental service. For details, see
https://dist.eugridpma.info/distribution/igtf/current/dists/README.txt
Use in coordinated-deployment infrastructures
---------------------------------------------
If you are part of a coordinated-deployment infrastructure (such as a
national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI or others) you may
want to await your project announcement before installing this release.
The download repository is also mirrored by the APGridPMA at
https://www.apgridpma.org/distribution/igtf/
Next Release
------------
Releases are usually done on the last Monday of the month, only when
the trust anchor distribution has been updates substantially. The currently-
estimated next release date of the distribution is 30 April 2012.
Dual-hash OpenSSL v1 support
----------------------------
This distribution comes in two (2) formats. The primary format for this
release supports OpenSSL v1 and is designed to be backwards compatible
with the old distribution format.
If you experience issues with the new format, the old non-OpenSSL-v1
version is still available at
https://dist.eugridpma.org/distribution/igtf/current-old/
but you should upgrade as soon as practically possible. Subsequentl
releases may withdraw this legacy format without further notice.
For more information, please refer to the February 15th 2010 newsletter:
https://www.eugridpma.org/newsletter/eugridpma-newsletter-20100215.txt
=========================================================================
REPEATED NOTICES
=========================================================================
This newsletter carries IGTF information intended for relying parties.
For more information about this newsletter and how to subscribe,
refer to the EUGridPMA web site at https://www.eugridpma.org/
+-----------------------------------------------------------------------+
| For information on the IGTF Distribution, how to use it and what is |
| contains, please read the information at |
| https://dist.eugridpma.info/distribution/igtf/README.txt |
| |
| This file contains important information for new users and should be |
| read before installing this Distribution. |
+-----------------------------------------------------------------------+
If you have suggestions or improvements for the distribution format,
to have it better suit your needs, please contact the EUGridPMA PMA at
<info(a)eugridpma.org> or your Regional Policy Management Authority. See
the IGTF web site (www.igtf.net) for further information.
--
David Groep
** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group **
** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **
From: David Groep <info(a)eugridpma.org>
Date: Mon, 26 Mar 2012 12:00:00 +0200
Subject: Updated IGTF distribution 1.45
Dear CAs, Relying Parties, Users, and all others interested,
In this announcement of the IGTF:
1. Updated IGTF distribution version 1.45 available
=========================================================================
1. Updated IGTF distribution version 1.45 available
=========================================================================
A new distribution of Accredited Authorities by the EUGridPMA, based
on the IGTF Common Source, is now available. It includes the newly
accredited Authorities by all IGTF Members and retires expiring CA
certificates. This is version 1.45, release 1, and it is now available for
download from the Repository (and mirrors) at
https://dist.eugridpma.info/distribution/igtf/current/
Changes from 1.44 to 1.45
-------------------------
(26 March 2012)
* Added accredited NCSA 2-factor SLCS CA (US)
Debian APT support
------------------
The IGTF distributed the trust anchors in various formats. This release
adds an 'apt' compliant repository for Debian-based distribution as an
experimental service. For details, see
https://dist.eugridpma.info/distribution/igtf/current/dists/README.txt
Use in coordinated-deployment infrastructures
---------------------------------------------
If you are part of a coordinated-deployment infrastructure (such as a
national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI or others) you may
want to await your project announcement before installing this release.
The download repository is also mirrored by the APGridPMA at
https://www.apgridpma.org/distribution/igtf/
Next Release
------------
Releases are usually done on the last Monday of the month, only when
the trust anchor distribution has been updates substantially. The currently-
estimated next release date of the distribution is 30 April 2012.
Dual-hash OpenSSL v1 support
----------------------------
This distribution comes in two (2) formats. The primary format for this
release supports OpenSSL v1 and is designed to be backwards compatible
with the old distribution format.
If you experience issues with the new format, the old non-OpenSSL-v1
version is still available at
https://dist.eugridpma.org/distribution/igtf/current-old/
but you should upgrade as soon as practically possible. Subsequentl
releases may withdraw this legacy format without further notice.
For more information, please refer to the February 15th 2010 newsletter:
https://www.eugridpma.org/newsletter/eugridpma-newsletter-20100215.txt
=========================================================================
REPEATED NOTICES
=========================================================================
This newsletter carries IGTF information intended for relying parties.
For more information about this newsletter and how to subscribe,
refer to the EUGridPMA web site at https://www.eugridpma.org/
+-----------------------------------------------------------------------+
| For information on the IGTF Distribution, how to use it and what is |
| contains, please read the information at |
| https://dist.eugridpma.info/distribution/igtf/README.txt |
| |
| This file contains important information for new users and should be |
| read before installing this Distribution. |
+-----------------------------------------------------------------------+
If you have suggestions or improvements for the distribution format,
to have it better suit your needs, please contact the EUGridPMA PMA at
<info(a)eugridpma.org> or your Regional Policy Management Authority. See
the IGTF web site (www.igtf.net) for further information.
--
David Groep
** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group **
** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **
