eugridpma-announce

eugridpma-announce@nikhef.nl

160 discussions

Updated IGTF distribution 1.60
by David Groep 27 Oct '14

27 Oct '14

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.60 available ========================================================================= 1. Updated IGTF distribution version 1.60 available ========================================================================= A new distribution of Accredited Authorities by the Interoperable Global Trust Federation, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities and retires expiring trust anchors. This is version 1.60 release 1 and it is now available for download from the Repository (and mirrors) at https://dist.igtf.net/distribution/igtf/current/ Changes from 1.59 to 1.60 ------------------------- (27 October 2014) * Added new SHA-2 hierarchies for TERENA Certificate Service (ed. 2009) (EU) Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of November 2014. ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ and by the EUGridPMA at https://dist.eugridpma.info/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.igtf.net/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.59 and end-of-life pre-announcement for Yum2 headers support
by David Groep 29 Sep '14

29 Sep '14

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.59 available 2. End of support for RPM yum version 2 (headers) distributions in 2015 ========================================================================= 1. Updated IGTF distribution version 1.59 available ========================================================================= A new distribution of Accredited Authorities by the Interoperable Global Trust Federation, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities and retires expiring trust anchors. This is version 1.59 release 1 and it is now available for download from the Repository (and mirrors) at https://dist.igtf.net/distribution/igtf/current/ Changes from 1.58 to 1.59 ------------------------- (release date 2014-09-29) * Added accredited mics HPCI CA (JP) * Updated crl_url for NCSA-slcs-2013 and NCSA-tfca-2013 (US) * Renamed QuoVadis classic grid issuing CA to QuoVadis-Grid-ICA (CH, BM) NOTE: although this appears to obsolete the SWITCH-QV intermediate trust anchor, it is merely a re-naming. The new QuoVadis-Grid-ICA provides the same trust anchor and will continue to support the Swiss subscriber base of QuoVadis without any change. Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of October 2014. ========================================================================= 2. End of support for RPM yum version 2 ("headers") distributions in 2015 ========================================================================= The IGTF distributes repositories of trust anchors packaged in the RPM Package Manager format as usd by many GNU/Linux distributions. These repositories come pre-populated with package meta-data used by the Yellowdog Updater, Modified (yum) in two formats: headers (used by yum versions 1 and 2, and XML repodata (yum version 3+). The main platform(s) supported by rpm and yum are Fedora Core, RHEL, and CentOS. The versions of these distributions that depend on yum version 2 and the 'headers' meta-data are now no longer supported, and in the long term the IGTF will no longer be able to generate yum-2 'header' meta-data for these repositories. This affects Fedora Core 1, 2, and 3, CentOS 3.x, and RedHat Enterprise Linux 3 when used with yum. The last one (RHEL3) has reached end of extended life phase in January 2014. Starting in January 2015, IGTF repositories may no longer contain the 'headers/' directory with meta-data and thus will no longer support yum version 2. Relying parties depending on the use of yum version 2 must thereafter (re)generate the relevant repository meta-data. This change *does not* impact CentOS, nor RHEL4 (end of extended life foreseen for March 31, 2017), nor FC4, nor later versions of the listed operating system distributions. ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ and by the EUGridPMA at https://dist.eugridpma.info/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.igtf.net/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.58
by David Groep 30 Jun '14

30 Jun '14

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.58 available ========================================================================= 1. Updated IGTF distribution version 1.58 available ========================================================================= A new distribution of Accredited Authorities by the Interoperable Global Trust Federation, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities and retires expiring trust anchors. This is version 1.58 release 1 and it is now available for download from the Repository (and mirrors) at https://dist.igtf.net/distribution/igtf/current/ Changes from 1.57 to 1.58 ------------------------- (30 June 2014) * Added accredited classic InCommon Server IGTF SSL CA and intermediate Comodo RSA CA (SHA-2) (US) * Extended permitted namespaces for AddTrust-External-CA-Root (EU, US) * Updated CILogon Basic CA from experimental to accredited:iota (US) * Updated certificate URL for IHEP-CA-2013 39d30eba (CN) * Discontinued expiring SEE-GRID '2004' CA - since replaced by new SEEGRID-CA-2013 (GR) * Discontinued retired PRAGMA-UCSD CA (US) Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of August 2014. ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ and by the EUGridPMA at https://dist.eugridpma.info/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.igtf.net/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.57 and new fetch-crl3 version
by David Groep 03 Jun '14

03 Jun '14

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.57 available 2. Updated fetch-crl3 (3.0.13) with improved configuration and startup resilience options ========================================================================= 1. Updated IGTF distribution version 1.57 available ========================================================================= A new distribution of Accredited Authorities by the Interoperable Global Trust Federation, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities and retires expiring trust anchors. This is version 1.57 release 1 and it is now available for download from the Repository (and mirrors) at https://dist.igtf.net/distribution/igtf/current/ Changes from 1.56 to 1.57 ------------------------- (2 June 2014) * Discontinued obsoleted IHEP (2009) CA ba2f39ca (CN) * Removed discontinued NCSA Two Factor CA following migration to NCSA Two Factor CA 2013 (US) Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of June 2013. ========================================================================= 2. Updated fetch-crl3 (3.0.13) with improved configuration and startup resilience options ========================================================================= A new minor release of fetch-crl is now available from the IGTF distribution web site. This new version allows for faster response times on system boot (if configured to run at boot time), and has improvements for caterign with unresponsive CRL URLs. Most important changes in version 3.0.13: * Supplied system init script for boot phase will not re-run inadvertently * Add rcmode config option (added differentiated reporting and success-on-solely-retrieval-errors) * Add --define key=val command line argument to augment configuration data For documentation see http://www.nikhef.nl/grid/fetchcrl3/, and you can download the new version in RRM and source form at https://dist.eugridpma.info/distribution/util/fetch-crl/ ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.56 and more authentication profiles
by David Groep 31 Mar '14

31 Mar '14

From: David Groep <info(a)eugridpma.org> Date: Mon, 31 Mar 2014 12:00:00 +0200 Subject: Updated IGTF distribution 1.56 and more authentication profiles Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.56 available 1. Identifier-Only Trust Assurance Profile information ========================================================================= 1. Updated IGTF distribution version 1.56 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.56 release 1 and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ Changes from 1.55 to 1.56 ------------------------- (31 March 2014) * Removed discontinued SWITCHslcs2011 and associated Root (CH) * Removed discontinued APAC CA (AU) * Removed discontinued DoEGrids CA and ESnet root (US) * Add reference to CA website for AustrianGrid CA (AT) * Add new subordinates for DigiCert: 1cdf1cd9/DigiCertGridCA-1G2-Classic and 5d9ea26d/DigiCertGridTrustCAG2-Classic (US) * Add meta-package for the IOTA-accredited CAs. Please note that there are no IOTA accredited CAs as this point in time. For specifications see https://www.eugridpma.org/guidelines/IOTA/ * Debian packaging dependencies in meta-packages now correctly use all- lower-case package names throughout Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of April 2013. ========================================================================= 2. Identifier Only Trust Assurance Authentication Profile ========================================================================= In the coming month, the IGTF will be introducing a new authentication profile, supporting use cases where identity can be assured in a tight collaboration between relying parties and identity providers. It is a *distinct assurance level* adequate only to ensure unique, non-re-assigned identities, generated by authorities using secured and trusted infra- structure. The IOTA assurance level will usually be supported by federated identity providers. Unless explicitly enabled otherwise, this addition of the IOTA profile WILL NOT impact relying parties in any way. It is an explicit choice. IOTA authorities are not part of any of the existing AP profile bundles. IOTA authorities are not required to collect more data than are necessary for fulfilling the uniqueness requirements, and credentials issued by authorities under this profile may not provide sufficient information to independently trace individual subscribers. IOTA asertions should be used in conjunction with complementary identification and vetting processes. Relying parties that currently have a managed enrollment programme where user vetting already takes place, and who themselves hold and manage user contacts and identity vetting, may be interested in supporting IOTA. For more details about IOTA, please refer to the authentication profile https://www.eugridpma.org/guidelines/IOTA/ At this point no authorities have yet been accredited under this profile. More information will be distributed when the first identity providers will have been accredited under this profile. You are welcome to contact your national IGTF accredited authority or regional PMA for more information. ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

SURF***SPAM***5.6 Updated IGTF distribution 1.56 and more authentication profiles
by David Groep 31 Mar '14

31 Mar '14

1 0

Updated IGTF distribution 1.55 - with deployment notices
by David Groep 25 Nov '13

25 Nov '13

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.55 available 2. SPECIAL NOTICE for the NorduGrid CA update 3. End of single-hash distribution format ========================================================================= 1. Updated IGTF distribution version 1.55 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.55 release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ Changes from 1.54 to 1.55 ------------------------- (25 November 2013) THIS RELEASE IS THE LAST ONE ALSO TO BE DISTRIBUTED IN SINGLE HASH FORMAT * New root certificate with extended life time for NorduGrid CA 1f0e8352 (DK) * Updated contact metadata for all RENATER Grid-FR related CAs (FR) * Updated CRL URL and metadata for IHEP 2013 CA 39d30eba (CN) * New root certificates for NCSA CA re-key: MyProxy CA 2013 c36f6349/7aa2b7bd and Two Factor CA 2013 ca157cee/48c8f10a (US) * New root certificate for EGI catch-all CA "SEEGRID-CA-2013" 772dbd1c (GR) * Removed AIST Grid CA (JP) * Discontinued IUCC CA (6fee79b0) following migration to TCS (IL) * Suspended JUnet-CA (b3222f9e) (JO) * Removed expired unaccredited CAs (misc) * Added unaccredited worthless NL e-Infra Zero tutorial CA 338a3561 (NL) Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of January 2013. ========================================================================= 2. SPECIAL NOTICE for the NorduGrid CA update ========================================================================= The renewed NorduGrid CA root certificate (OpenSSL0.x hash 1f0e8352) for technical reasons was re-issued with the same serial number. This is known to cuase issues in selected software products, including some web browsers (both NSS based products as well as Internet Exporer) and in some distributed computing software (in particular the EMI CANL library). It ONLY affects cases where BOTH client AND server use the NorduGrid CA. You may experience authentication failures between clients and servers that mutually authenticate, and BOTH use the NorduGrid CA (e.g. a computing service authenticating to a VOMS server for retrieving information), and where the client sends the full certificate chain. Selected PKI libraries, in particular including the EMI CANL, may fail to authenticate if client and server use different versions of the NorduGrid CA (e.g. because the server was upgraded to 1.55 and the client is still at 1.54). For technical reasons it is not possible to avoid this condition, and you are advised to upgrade both sides to version 1.55 as soon as practical to resolve this condition. For more information, please refer to the NorduGrid CA: http://ca.nordugrid.org/ ========================================================================= 3. End of the single-hash distribution format ========================================================================= This 1.55 release will be the last one which is distributed also in a format containing solely the OpenSSL0.x type "MD5" hashed names of the trust anchor subjects. A new format was introduced in January 2010 to accomodate both the OpenSSL 0.x as well as the OpenSSL 1+ style hashes, using an approach of symlinking on POSIX-compliant platforms (akin to the model used by OpenSSL itself). On non-POSIX platforms, the alias name of the CA is used instead, for example in the Java Key Store format. For a while, some software producs were not able to deal with this dual-hash format, but these products have since been replaced by more recent versions and all software known to the IGTF since mid-2012 is capable of supported the dual-hash format. Given the complexity of retaining the single hash format in the face of more diverse CAs, we will hereby withdraw the old format completely. As of 1.56, no single hash format will be published. ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.54
by David Groep 24 Jun '13

24 Jun '13

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.54 available ========================================================================= 1. Updated IGTF distribution version 1.54 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.54 release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ Changes from 1.53 to 1.54 ------------------------- (24 June 2013) * Extended life time of Grid-KA CA (dd4b34ea) (DE) * Added new CERN hierarchy for CERN IT/IS CA (SHA2 migration) (CH) * Updated metadata for GridGermany DFN-CERT CAs (DE) * Updated contact metadata for KEK (JP) * Updated contact metadata for HKU (HK) * Updated contact metadata for AIST (JP) Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of August 2013. ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.53 and new version of fetch-crl 3.0.10
by David Groep 28 May '13

28 May '13

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.53 available 2. fetch-crl v3.0.10 introduces IPv6 perl glue functionality ========================================================================= 1. Updated IGTF distribution version 1.53 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.53 release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ Changes from 1.52 to 1.53 ------------------------- (27 May 2013) * Added new root cert for IHEP CA (2013) (CN) * Removed retired NCSA GridShib CA (e8ac4b61) (US) * Removed backup crl_url locations for CILogon CAs due to future crl.doegrids.org shutdown. (US) * Removed retired TACC CAs (2ac09305, 684261aa, e5cc84c2) (US) * Updated NERSC CA (b93d6240) to extend validity and change to self-signed rather than subordinate to ESnet (US) Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of June 2013. ========================================================================= 2. fetch-crl v3.0.10 introduces IPv6 perl glue functionality ========================================================================= The fetch-crl utility will retrieve certificate revocation lists (CRLs) for a set of installed trust anchors, based on crl_url files or IGTF-style info files. It will install these for use with OpenSSL, NSS or third-party tools. Changes in 3.0.10-1 ---------------------- * Added a "noquiet" option in the configuration file that will override the default single "-q" option in the cro-job that is shipped with the fetch-crl3 init scripts (feature request by Ryan Taylor) * Added option "--inet6glue" and "inet6glue" config setting to load the Net::INET6Glue perl module (if it is available) to use IPv6 connections in LWP to download CRLs Download fetch-crl from https://dist.eugridpma.info/distribution/util/fetch-crl3/ and read about it at http://www.nikhef.nl/grid/fetchcrl3 ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

SURF***SPAM***9.0 Updated IGTF distribution 1.53 and new version of fetch-crl 3.0.10
by David Groep 28 May '13

28 May '13

1 0

← Newer
1
...
6
7
8
9
10
11
12
...
16
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

eugridpma-announce