eugridpma-announce

eugridpma-announce@nikhef.nl

162 discussions

Updated IGTF distribution 1.44
by David Groep 30 Jan '12

30 Jan '12

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.44 available ========================================================================= 1. Updated IGTF distribution version 1.44 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.44, release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ Changes from 1.43 to 1.44 ------------------------- (30 January 2012) * Added accredited classic DigiCert CA chains (US) * Extended life time of UGRID root cert (UA) Debian APT support ------------------ The IGTF distributed the trust anchors in various formats. This release adds an 'apt' compliant repository for Debian-based distribution as an experimental service. For details, see https://dist.eugridpma.info/distribution/igtf/current/dists/README.txt Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national grid infrastructure, EGI, OSG, PRACE-RI, DEISA, NAREGI or others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updates substantially. The currently- estimated next release date of the distribution is 26 March 2012. Dual-hash OpenSSL v1 support ---------------------------- This distribution comes in two (2) formats. The primary format for this release supports OpenSSL v1 and is designed to be backwards compatible with the old distribution format. If you experience issues with the new format, the old non-OpenSSL-v1 version is still available at https://dist.eugridpma.org/distribution/igtf/current-old/ but you should upgrade as soon as practically possible. Subsequentl releases may withdraw this legacy format without further notice. For more information, please refer to the February 15th 2010 newsletter: https://www.eugridpma.org/newsletter/eugridpma-newsletter-20100215.txt ========================================================================= REPEATED NOTICES ========================================================================= This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.43
by David Groep 28 Nov '11

28 Nov '11

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.43 available ========================================================================= 1. Updated IGTF distribution version 1.43 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.43, release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ Changes from 1.42 to 1.43 ------------------------- (28 November 2011) * Added new SWITCHslcs 2011 CA, replacing SWITCHslcs 2009 (CH) * Updated contact information for SWITCH CAs (CH) * Added new accredited classic JUnet CA (JO) * Added additional CRL URL for DOEGrids CA in certificate and meta data (US) * Added additional CRL URL for ESnet Root CA in meta data (US) * Updated institute information for KIT in signing_policy file (DE) * Updated enrollment URLs for Grid-FR CA (FR) Debian APT support ------------------ The IGTF distributed the trust anchors in various formats. This release adds an 'apt' compliant repository for Debian-based distribution as an experimental service. For details, see https://dist.eugridpma.info/distribution/igtf/current/dists/README.txt Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national grid infrastructure, EGI, OSG, PRACE-RI, DEISA, NAREGI or others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updates substantially. The currently- estimated next release date of the distribution is 30 January 2012. Dual-hash OpenSSL v1 support ---------------------------- This distribution comes in two (2) formats. The primary format for this release supports OpenSSL v1 and is designed to be backwards compatible with the old distribution format. If you experience issues with the new format, the old non-OpenSSL-v1 version is still available at https://dist.eugridpma.org/distribution/igtf/current-old/ but you should upgrade as soon as practically possible. Subsequentl releases may withdraw this legacy format without further notice. For more information, please refer to the February 15th 2010 newsletter: https://www.eugridpma.org/newsletter/eugridpma-newsletter-20100215.txt ========================================================================= REPEATED NOTICES ========================================================================= This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution version 1.42 addresses UK eScience CA 2B issue
by David Groep 30 Sep '11

30 Sep '11

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.42 available ========================================================================= 1. Updated IGTF distribution version 1.42 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.42, release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ *** note that the default format is now OpenSSL v1 compatible *** Changes from 1.41 to 1.42 ------------------------- (30 September 2011) * Corrected signing_policy file for UKeScience CA 2B (UK) Debian APT support ------------------ The IGTF distributed the trust anchors in various formats. This release adds an 'apt' compliant repository for Debian-based distribution as an experimental service. For details, see https://dist.eugridpma.info/distribution/igtf/current/dists/README.txt Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national grid infrastructure, EGI, OSG, PRACE-RI, DEISA, NAREGI or others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updates substantially. The currently- estimated next release date of the distribution is 28 November 2011. Dual-hash OpenSSL v1 support ---------------------------- This distribution comes in two (2) formats. The primary format for this release supports OpenSSL v1 and is designed to be backwards compatible with the old distribution format. If you experience issues with the new format, the old non-OpenSSL-v1 version is still available at https://dist.eugridpma.org/distribution/igtf/current-old/ but you should upgrade as soon as practically possible. Subsequentl releases may withdraw this legacy format without further notice. For more information, please refer to the February 15th 2010 newsletter: https://www.eugridpma.org/newsletter/eugridpma-newsletter-20100215.txt ========================================================================= REPEATED NOTICES ========================================================================= This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.41 available
by David Groep 26 Sep '11

26 Sep '11

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.41 available ========================================================================= 1. Updated IGTF distribution version 1.41 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.41, release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ *** note that the default format is now OpenSSL v1 compatible *** Changes from 1.40 to 1.41 ------------------------- (26 September 2011) * Added accredited PSC MyProxy SLCS CA (US) * Updated CRL URL for LIPCA (PT) * Extended life time of SlovakGrid CA root (SK) * Added accredited DZ-eScience CA (DZ) * Added accredited NICS SLCS MyProxy CA (US) * Added new UK eScience issuing CAs 2A and 2B to allowed namespaces and removed superfluous signing policy entries (UK) * Normalised the certificate files (.0) for selected CAs in the 'old' format distribution. This does not affect the 'new' OpenSSL v1+ compatible release. Affected CAs are CESNET, NIKHEF, NIIF, DFN-GridGermany-Root, PSC-Myproxy-CA, and NERSC-SLCS. Old and new format files are now identical. * The "worthless" area, containing some files that are distributed merely for convenience for selected specific purposes, has been re-named to "unaccredited". Files contained in this directory must be treated with utmost care, and their inclusion in the distribution does not constitute any form of endorsement by the IGTF of these files or their content. * Added unaccredited InCommon Server CA to convenience directory (US) Debian APT support ------------------ The IGTF distributed the trust anchors in various formats. This release adds an 'apt' compliant repository for Debian-based distribution as an experimental service. For details, see https://dist.eugridpma.info/distribution/igtf/current/dists/README.txt Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national grid infrastructure, EGI, OSG, PRACE-RI, DEISA, NAREGI or others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updates substantially. The currently- estimated next release date of the distribution is 28 November 2011. Dual-hash OpenSSL v1 support ---------------------------- This distribution comes in two (2) formats. The primary format for this release supports OpenSSL v1 and is designed to be backwards compatible with the old distribution format. If you experience issues with the new format, the old non-OpenSSL-v1 version is still available at https://dist.eugridpma.org/distribution/igtf/current-old/ but you should upgrade as soon as practically possible. Subsequentl releases may withdraw this legacy format without further notice. For more information, please refer to the February 15th 2010 newsletter: https://www.eugridpma.org/newsletter/eugridpma-newsletter-20100215.txt ========================================================================= REPEATED NOTICES ========================================================================= This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.40 (hotfix)
by David Groep 28 Jun '11

28 Jun '11

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.40 available The meta-data for the Uni-Andes CA of Colombia introduced in release 1.39 contained an incorrect fingerprint of the certificate in the associated meta-data (".info") file. The actual certificate shipped for this CA (OpenSSL v0.x hash: fc1898ec) was correct and has not changed. The SHA1 fingerprint for this CA should read 00:B7:AA:54:AE:7B:1D:BE:FB:40:F4:68:02:85:5F:73:01:83:B6:0D The 1.40 release corrects this meta-data file. ========================================================================= 1. Updated IGTF distribution version 1.40 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.40, release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ *** note that the default format is now OpenSSL v1 compatible *** Changes from 1.39 to 1.40 ------------------------- (28 June 2011) * Corrected fingerprint meta-data for UniAndes CA (CO) Changes from 1.38 to 1.40 ------------------------- (27 June 2011) * Change of contact address for NAREGI CA (JP) * Change of contact address for GermanGrid CA (DE) * Added accredited classic HIAST CA (SY) * Added accredited classic Uni Andes CA (CO) * Extended life time of root certificate for SiGNET-CA (SI) * Extended life time of root certificate for Grid-Ireland (IE) * New issuing certificates (2A, 2B) for UKeScience (GB) * Updated extensions for DOEGrids-CA-1 issuing CA (US) Changes to unaccredited information: * Added experimental DZeScience CA (DZ) * Extended life time for unaccredited Benelux and NE tutorial CA cert and re-rooted namespace to new domain name (NL,BE) * Added worthless replacement gilda 2011 CA (IT) Debian APT support ------------------ The IGTF distributed the trust anchors in various formats. This release adds an 'apt' compliant repository for Debian-based distribution as an experimental service. For details, see https://dist.eugridpma.info/distribution/igtf/current/dists/README.txt Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national grid infrastructure, EGI, OSG, PRACE-RI, DEISA, NAREGI or others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updates substantially. Current estimated but the next release of the distribution in Septmber 2011. Dual-hash OpenSSL v1 support ---------------------------- This distribution comes in two (2) formats. The primary format for this release supports OpenSSL v1 and is designed to be backwards compatible with the old distribution format. If you experience issues with the new format, the old non-OpenSSL-v1 version is still available at https://dist.eugridpma.org/distribution/igtf/current-old/ but you should upgrade as soon as practically possible. Subsequentl releases may withdraw this legacy format without further notice. For more information, please refer to the February 15th 2010 newsletter: https://www.eugridpma.org/newsletter/eugridpma-newsletter-20100215.txt ========================================================================= REPEATED NOTICES ========================================================================= This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.39 and migration to Fetch-crl version 3
by David Groep 27 Jun '11

27 Jun '11

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.39 available - Changes in 1.39 - Debian APT support - Use in coordinated-deployment infrastructures - Next release - Dual-hash OpenSSL v1 support 2. New version 3 of the CRL retrieval tool Fetch-crl We STRONGLY ADVISE everyone to upgrade to Fetch-crl version 3. It is necessary for out-of-the-box OpenSSL v1 support and brings significant stability improvements and has features for resilience. Download it from https://dist.eugridpma.info/distribution/util/fetch-crl3/ ========================================================================= 1. Updated IGTF distribution version 1.39 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.39, release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ *** note that the default format is now OpenSSL v1 compatible *** Changes from 1.38 to 1.39 ------------------------- (27 June 2011) * Change of contact address for NAREGI CA (JP) * Change of contact address for GermanGrid CA (DE) * Added accredited classic HIAST CA (SY) * Added accredited classic Uni Andes CA (CO) * Extended life time of root certificate for SiGNET-CA (SI) * Extended life time of root certificate for Grid-Ireland (IE) * New issuing certificates (2A, 2B) for UKeScience (GB) * Updated extensions for DOEGrids-CA-1 issuing CA (US) Changes to unaccredited information: * Added experimental DZeScience CA (DZ) * Extended life time for unaccredited Benelux and NE tutorial CA cert and re-rooted namespace to new domain name (NL,BE) * Added worthless replacement gilda 2011 CA (IT) Debian APT support ------------------ The IGTF distributed the trust anchors in various formats. This release adds an 'apt' compliant repository for Debian-based distribution as an experimental service. For details, see https://dist.eugridpma.info/distribution/igtf/current/dists/README.txt Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national grid infrastructure, EGI, OSG, PRACE-RI, DEISA, NAREGI or others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updates substantially. Current estimated but the next release of the distribution in September 2011. Dual-hash OpenSSL v1 support ---------------------------- This distribution comes in two (2) formats. The primary format for this release supports OpenSSL v1 and is designed to be backwards compatible with the old distribution format. If you experience issues with the new format, the old non-OpenSSL-v1 version is still available at https://dist.eugridpma.org/distribution/igtf/current-old/ but you should upgrade as soon as practically possible. Subsequentl releases may withdraw this legacy format without further notice. For more information, please refer to the February 15th 2010 newsletter: https://www.eugridpma.org/newsletter/eugridpma-newsletter-20100215.txt ========================================================================= 2. New version 3 of the CRL retrieval tool available ========================================================================= Downloading CRLs is a critical component in keeping the integrity and security of the trust fabric -- and CRLs should be updated frequently (preferably several times per day). To facilitate automated retrieval of certificate revocation lists (CRLs) by relying parties, the 'fetch-crl' utility is distributed by the IGTF. This tool has been redesigned completely to incorporate new features: - support for OpenSSL version 1 and dual-hash trust anchor naming - parallel downloads to speed up retrieval (from minutes to seconds) - built-in caching support to reduce bandwidth consumption - site- and infrastructure-level fail-over and override mechanisms Relying parties are encouraged to upgrade to this new version 3, available from the EUGridPMA web site and from popular Linux distribution (add-on) repositories such as Fedora, Debian and EPEL. Fetch-crl3 is independent of any software suite and can be used in conjunction with all popular OpenSSL, BouncyCastle and NSS based products. https://dist.eugridpma.info/distribution/util/fetch-crl3/ The documentation and full list of features can be found at http://www.nikhef.nl/grid/fetchcrl3/ Fetch-crl3 is made available under the Apache License version 2.0. The 2.8 series fetch-crl will remain supported until Q2 2012 but new features will no longer be added. The 2.7 series is no longer supported. ========================================================================= REPEATED NOTICES ========================================================================= This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.38 and format change
by David Groep 07 Feb '11

07 Feb '11

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.38 available 2. Distribution format changes in the wake of OpenSSL version 1 3. New version 3 of the CRL retrieval tool fetch-crl available ========================================================================= 1. Updated IGTF distribution version 1.38 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.38, release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ (OpenSSL v1 compatible format) *** note that the default format changed in this release *** Changes from 1.37 to 1.38 ------------------------- (7 February 2011) * Updated meta-data info file for SRCE (HR) * Updated KEK CA root (617ff41b) with extended life time (JP) * Updated contact email address for ArmeSFo (AM) * Extended allowed namespace and new URL for SEE-GRID CA as EGI catch-all (EU) * Extended allowed namespace for NAREGI CA (JP) * Added accredited CILogin MICS CA (US) * Extended life time for NCSA CACL (MICS) CA (US) * Extended life time for NCSA MyProxy (SLCS) CA (US) * Extended life time for NorduGrid CA (DK,NO,SE,FI,IS) * Corrected namespaces file for TCS eScience Personal (EU) This 1.38 release has been built with RPM version 4.4.2.3 and Java 1.6. If you part of a coordinated-deployment project (such as a national grid infrastructure, EGI, OSG, PRACE, DEISA, NAREGI or others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ Next Release ------------ The next release of the distribution is expected in April 2011. ========================================================================= 2. Distribution format changes in the wake of OpenSSL version 1 ========================================================================= IMPORTANT NOTICE ---------------- This distribution comes in two (2) formats. The primary format for this release supports OpenSSL v1 and is designed to be backwards compatible with the old distribution format. If you experience issues with the new format, the old non-OpenSSL-v1 version is still available at https://dist.eugridpma.org/distribution/igtf/current-old/ but you should upgrade as soon as practically possible. This 1.38 will be the LAST VERSION that has such a compatibility package. For more information, please refer to the February 15th newsletter: https://www.eugridpma.org/newsletter/eugridpma-newsletter-20100215.txt ========================================================================= 3. New version 3 of the CRL retrieval tool available ========================================================================= Downloading CRLs is a critical component in keeping the integrity and security of the trust fabric -- and CRLs should be updated frequently (preferably several times per day). To facilitate automated retrieval of certificate revocation lists (CRLs) by relying parties, the 'fetch-crl' utility is distributed by the IGTF. This tool has been redesigned completely to incorporate new features: - support for OpenSSL version 1 and dual-hash trust anchor naming - parallel downloads to speed up retrieval (from minutes to seconds) - built-in caching support to reduce bandwidth consumption - site- and infrastructure-level fail-over and override mechanisms Relying parties are encouraged to upgrade to this new version 3, avialable from the EUGridPMA web site and from popular Linux distribution (add-on) repositories such as Fedora, Debian and EPEL. Fetch-crl3 is independent of any software suite and can be used in conjunction with all popular OpenSSL, BouncyCastle and NSS based products. https://dist.eugridpma.info/distribution/util/fetch-crl3/ The documention and full list of features can be found at http://www.nikhef.nl/grid/fetchcrl3/ Fetch-crl3 is made available under the Apache License version 2.0. The 2.8 series fetch-crl will remain supported until Q2 2012 but new features will no longer be added. Support for the 2.7 series will end on March 31st, 2011. ========================================================================= REPEATED NOTICES ========================================================================= This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file containes important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.37 and format change announcement
by David Groep 28 Sep '10

28 Sep '10

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.37 available 2. Distribution format changes in the wake of OpenSSL version 1 ========================================================================= 1. Updated IGTF distribution version 1.37 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.37, release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ (traditional format) https://dist.eugridpma.info/distribution/igtf/current-new/ (new format) *** note that the default format will change in the next release 1.38 *** Changes from 1.36 to 1.37 ------------------------- (27 September 2010) * Added accredited classic TERENA eScience SSL CA and hierarchy (EU) * Discontinued NGO-Netrust CA (SG) * The OpenSSL1 compliant format no longer adds symlinks for info metadata (such references would result in multiple downloads of the same CRL data when used with FetchCRL3) * Corrected typo errors in namespaces file for AAACertificateServices (EU) * Added CILogon CAs in experimental area (US) This 1.38 release has been built with RPM version 4.4.2.3 and Java 1.6. If you part of a coordinated-deployment project (such as a national grid initiative, EGI, OSG, PRACE, DEISA, NAREGI or others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ Next Release ------------ The next release of the distribution is expected in November 2010. ========================================================================= 2. Distribution format changes in the wake of OpenSSL version 1 ========================================================================= IMPORTANT NOTICE ---------------- This 1.37 distribution comes in two (2) formats. The primary format for this 1.37 release is the 'current' one, which has no material changes. The upcoming format is also available at: https://dist.eugridpma.info/distribution/igtf/current-new/ and supports also OpenSSL v1 and is designed to be backwards compatible with the current distribution format. *** YOU ARE INVITED TO EVALUATE THIS NEW DISTRIBUTION FORMAT NOW *** In the next release (1.38), the 'default' distribution will change to the new format and the current format will be depricated and only available via a special URL. The default download location https://dist.eugridpma.org/distribution/igtf/current/ will then point to the new-format distribution. Releases after 1.39 (Early 2011) may withdraw this then-depricated format and from then on only the 'new' format will be distributed. For more information, please refer to the February 15th newsletter: https://www.eugridpma.org/newsletter/eugridpma-newsletter-20100215.txt ========================================================================= REPEATED NOTICES ========================================================================= This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file containes important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information.

1 0

Updated IGTF distribution version 1.36
by David Groep 25 Jun '10

25 Jun '10

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.36 available 2. Distribution format changes in the wake of OpenSSL version 1 ========================================================================= 1. Updated IGTF distribution version 1.36 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.36, release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ (traditional format) https://dist.eugridpma.info/distribution/igtf/1.36-new/ (new format) Changes from 1.35 to 1.36 ------------------------- (25 June 2010) * Updated root certificate for PLGrid with corrected SAN extension (PL) If you part of a coordinated-deployment project (such as a national grid initiative, OSG, PRACE, DEISA, NAREGI or others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/current Next Release ------------ The next release of the distribution is expected in August 2010. ========================================================================= 2. Distribution format changes in the wake of OpenSSL version 1 ========================================================================= IMPORTANT NOTICE ---------------- This 1.36 distribution comes in two (2) formats. The primary format for this 1.36 release is the 'current' one, which has no changes. A 'new' format, available for your evaluation as of this release at: https://dist.eugridpma.info/distribution/igtf/1.36-new/ supports also OpenSSL v1 and is designed to be backwards compatible with the current distribution format. *** YOU ARE INVITED TO EVALUATE THIS NEW DISTRIBUTION FORMAT NOW *** In a subsequent release (1.36 or 1.36), the 'default' distribution will change to the new format and the current format will be depricated and only available via a special URL. The default download location https://dist.eugridpma.org/distribution/igtf/current/ will then point to the new-format distribution. Releases after 1.36 (Autumn 2010) may withdraw this then-depricated format and from then on only the 'new' format will be distributed. For more information, please refer to the February 15th newsletter: https://www.eugridpma.org/newsletter/eugridpma-newsletter-20100215.txt ========================================================================= REPEATED NOTICES ========================================================================= This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file containes important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution version 1.35, new version of fetch-crl
by David Groep 11 Jun '10

11 Jun '10

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.35 available 2. Distribution format changes in the wake of OpenSSL version 1 (repeated annoucement) 3. New version of fetch-crl 2.8.5 ========================================================================= 1. Updated IGTF distribution version 1.35 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.35, release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ (traditional format) https://dist.eugridpma.info/distribution/igtf/1.35-new/ (new format) Changes from 1.34 to 1.35 ------------------------- (11 Jun 2010) * Updated root certificate for SRCE with new extensions and life time (HR) * Updated root certificate for ROSA with new AKI extension and serial (RO) * Removed obsoleted CAs from experimental area (US) If you part of a coordinated-deployment project (such as a national grid initiative, OSG, PRACE, DEISA, NAREGI or others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/current Next Release ------------ The next release of the distribution is expected in August 2010. ========================================================================= 2. Distribution format changes in the wake of OpenSSL version 1 ========================================================================= IMPORTANT NOTICE ---------------- This 1.35 distribution comes in two (2) formats. The primary format for this 1.35 release is the 'current' one, which has no changes. A 'new' format, available for your evaluation as of this release at: https://dist.eugridpma.info/distribution/igtf/1.35-new/ supports also OpenSSL v1 and is designed to be backwards compatible with the current distribution format. *** YOU ARE INVITED TO EVALUATE THIS NEW DISTRIBUTION FORMAT NOW *** In a subsequent release (1.35 or 1.36), the 'default' distribution will change to the new format and the current format will be depricated and only available via a special URL. The default download location https://dist.eugridpma.org/distribution/igtf/current/ will then point to the new-format distribution. Releases after 1.36 (Autumn 2010) may withdraw this then-depricated format and from then on only the 'new' format will be distributed. For more information, please refer to the February 15th newsletter: https://www.eugridpma.org/newsletter/eugridpma-newsletter-20100215.txt ========================================================================= 3. New version of fetch-crl 2.8.5 ========================================================================= The fetch-crl utility has seen some major improvement over the last year, and the new 2.8 series is now fully compliant with common GNU/Linux packaging conventions as used by for example Feroda, Debian and RedHat Enterprise Linux. We would like to thank Steve Traylen (CERN) and Mattias Ellert (Uppsala University) for their efforts in incorporating fetch-crl in these distributions. Some key changes in 2.8: * Configuration file has moved from /etc/sysconfig to /etc/fetch-crl.conf * New init scripts and a cron job entry have been added to allow management of fetch-crl via the chkconfig mechanism, and a chkconfig compliant init script is included (it is not enabled by default, though) as well as these improvements: * installed CRL file are re-checked for validity to catch file system errors and local disk corruption. When possible, it will try to restore a backup copy. Such failures are not subject to aging tolerance. * Improved support for multiple CRL URLs by downloading until a success is achieved, instead of downloading all of them * a "random wait" period can be added to prevent network load spikes. This is recommended in case the job is run from cron. * better compliance with SELinux, where the file context of CRL files is now preserved Remember that the aging tolerance flag, introduced in 2.6, includes a 24 hour grace period to allow for network interruptions. This reflects the suggested grace period of the IGTF. You can explicitly set the aging tolerance for network interruptions using the "-a" command-line argument, or the configuration file setting You can download the latest version of fetch-crl from: https://dist.eugridpma.info/distribution/util/fetch-crl/ from your local IGTF mirrors, and of course from Fedora, EPEL and Debian. FetchCRL3 --------- A complete re-write of fetch-crl (Fetch-crl3) is currently in beta- testing and will add more features as well as scalability and redundancy options. It will also be the first version to support OpenSSL1 and the Mozilla NSS systems. Users interested in participating the beta programme are invited to contact the EUGridPMA at <info(a)eugridpma.org> ========================================================================= REPEATED NOTICES ========================================================================= This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file containes important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

← Newer
1
...
8
9
10
11
12
13
14
...
17
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

eugridpma-announce