Dear CAs, Relying Parties, Users, and all others interested,
In this announcement of the IGTF:
1. Updated IGTF distribution version 1.67 available
*** The IGTF recommends updating to this new release
*** as soon as reasonably possible
============================================================================
1. Updated IGTF distribution version 1.67 available
============================================================================
A new distribution of Accredited Authorities by the Interoperable Global
Trust Federation, based on the IGTF Common Source, is now available. It
includes the newly accredited Authorities and retires expiring trust
anchors.
To forestall a (very small) risk to the integrity of the trust fabric, we
recommend that you install this 1.67 release as soon as reasonably possible.
This is version 1.67 release 1 and it is now available for download from
the Repository (and mirrors) at
https://dist.igtf.net/distribution/igtf/current/
Changes from 1.65 to 1.67
-------------------------
(31 August 2015 - release jump, skipping 1.66)
* Discontinued NCSA-mics CA (US)
* Withdrawn G2 root for IPM CA (IR)
Next Release
------------
Releases are usually done on the last Monday of the month, only when
the trust anchor distribution has been updated substantially. The
currently-estimated next release date of the distribution is at the
end of September 2015.
============================================================================
2. New meta-data info file data in 1.65 release
============================================================================
Each trust anchor in the IGTF distribution comes with an associated file
with relevant meta-data: the URL of the revocation list, the emergency
contact email address, the fingerprint to verify integrity, the short alias
name (file name) and some more data.
The name of the trust anchor (for PKIX anchors: the subject distinguished
name) has been added to this meta-data in the "subject" attribute. For the
policy meta-packages (with the "policy-igtf-{classic,mics,slcs,iota}.info"
files), the "subject" attribute is a list of comma-separated subject names
of all trust anchors that are accredited under the named authentication
profile (AP).
All subject names are double-quoted strings. The syntax of the .info meta-
data files is described in <http://wiki.eugridpma.org/Main/IGTFInfoFile>.
We envision that these subject names will be used for implementing SSL
monitoring use cases, and to support access control and authorization
decisions based on the IGTF accreditation status in combination with other
relevant external attributes.
There is also a 'discontinued' meta-file that lists all trust anchors that
have been withdrawn and must no longer be used. A list of subject names has
also been added to this package (only for those subject names that have not
been re-used in an updated trust anchor version). This list can be used for
verification purposes to inspect whether any discontinued trust anchors are
inadvertently still active in a particular installation.
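
A sketch of the verification described above, added here as an example; it is
not part of this announcement or of the IGTF distribution. It assumes the .info
files use "key = value" lines with "#" comments and a trailing backslash for
continuation (the wiki page above is authoritative); all subject names and file
names below are constructed.

```python
import re

QUOTED = re.compile(r'"([^"]*)"')  # subject names are double-quoted strings

def parse_info(text):
    """Parse .info text into {attribute: raw value}.
    Assumed layout: 'key = value' lines, '#' comments, trailing '\\' continues."""
    attrs, logical = {}, ""
    for raw in text.splitlines() + [""]:   # final "" flushes a dangling continuation
        line = raw.strip()
        if not logical and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            logical += line[:-1].rstrip() + " "
            continue
        key, sep, value = (logical + line).partition("=")
        if sep:
            attrs[key.strip()] = value.strip()
        logical = ""
    return attrs

def subjects(attrs):
    """Extract the quoted names; splitting on ',' would break DNs containing commas."""
    return QUOTED.findall(attrs.get("subject", ""))

def find_discontinued(discontinued_text, installed):
    """installed maps file name -> .info text of each installed trust anchor.
    Returns sorted (file name, subject) pairs that appear in the withdrawn list."""
    withdrawn = set(subjects(parse_info(discontinued_text)))
    return sorted((name, dn) for name, text in installed.items()
                  for dn in subjects(parse_info(text)) if dn in withdrawn)

# Constructed sample data, not real IGTF trust anchors.
DISCONTINUED_SAMPLE = r"""
# constructed 'discontinued' meta-file
alias = discontinued
subject = "/DC=org/DC=example/CN=Example Retired CA, G1", \
    "/C=XX/O=Example/CN=Old Root"
"""
INSTALLED_SAMPLE = {
    "ExampleRetiredCA.info":
        'alias = ExampleRetiredCA\nsubject = "/DC=org/DC=example/CN=Example Retired CA, G1"\n',
    "ExampleActiveCA.info":
        'alias = ExampleActiveCA\nsubject = "/DC=org/DC=example/CN=Example Active CA"\n',
}

if __name__ == "__main__":
    for name, dn in find_discontinued(DISCONTINUED_SAMPLE, INSTALLED_SAMPLE):
        print(f"discontinued trust anchor still installed: {name} ({dn})")
```
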
============================================================================
3. End of support for RPM yum version 2 and RPM-APT
============================================================================
The data for Yum v2 ("headers") and apt-rpm ("apt/RPMS.profile"), although
still present in the 1.65 distribution, are no longer supported. They will
be removed in an upcoming release.
The 1.65 distribution has been built on a new (RHEL6-compatible) platform
that does not natively support the apt-rpm model any more.
============================================================================
4. IGTF uses new build platform
============================================================================
The more observant of the IGTF relying parties may notice that the RPM
packaging indicates a new build host (Build Host: el6vbx.localdomain) and
was created using a higher version of the RPM build system. This new build
host is expected: the distribution is now built in a (virtualised) RHEL6-
compatible environment that is hosted on a new (similarly secured) system.
The source continues to come from the IGTF Common Source version control
system and the data are verified against this common source. The change
(from "streng.nikhef.nl" to "el6vbx.localdomain") is expected.
=========================================================================
REPEATED NOTICES
=========================================================================
Use in coordinated-deployment infrastructures
---------------------------------------------
If you are part of a coordinated-deployment infrastructure (e.g. a national
or regional e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI or others) you may
want to await their announcement before installing the release. They could
include localised adaptations. For reference we include the links below:
  PRACE-RI            http://winnetou.surfsara.nl/prace/certs/
  EGI                 https://wiki.egi.eu/wiki/EGI_IGTF_Release
  wLCG                https://lcg-ca.web.cern.ch
  Open Science Grid   https://software.grid.iu.edu/cadist/
Supplementary download locations
--------------------------------
The download repository is also mirrored by the APGridPMA at
https://www.apgridpma.org/distribution/igtf/
and by the EUGridPMA at
https://dist.eugridpma.info/distribution/igtf/
Where possible validate trust anchors with the GEANT TACAR Repository
https://www.tacar.org/
About this newsletter
---------------------
This newsletter carries IGTF information intended for relying parties.
For more information about this newsletter and how to subscribe, refer
to the EUGridPMA web site at https://www.eugridpma.org/
+-----------------------------------------------------------------------+
| For information on the IGTF Distribution, how to use it and what it |
| contains, please read the information at |
| https://dist.igtf.net/distribution/igtf/README.txt |
| |
| This file contains important information for new users and should be |
| read before installing this Distribution. |
+-----------------------------------------------------------------------+
If you have suggestions or improvements for the distribution format,
to have it better suit your needs, please contact the EUGridPMA PMA at
<info(a)eugridpma.org> or your Regional Policy Management Authority. See
the IGTF web site (www.igtf.net) for further information.
--
David Groep
** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group **
** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **