eugridpma-announce

eugridpma-announce@nikhef.nl

1 participants
163 discussions

Updated IGTF distribution 1.63 and ancillary information
by David Groep 30 Mar '15

30 Mar '15

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.63 available 2. [repeated] Notice for system operators using the (issuer-subject) combination for identifying users ========================================================================= 1. Updated IGTF distribution version 1.63 available ========================================================================= A new distribution of Accredited Authorities by the Interoperable Global Trust Federation, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities and retires expiring trust anchors. This is version 1.63 release 1 and it is now available for download from the Repository (and mirrors) at https://dist.igtf.net/distribution/igtf/current/ Changes from 1.62 to 1.63 ------------------------- (30 March 2015) * Removed obsoleted and replaced NIIF CA (HU) * Extended validity period of the KEK CA (JP) * Removed obsoleted d254cc30/CERN-Root 1d879c6c/CERN-TCA anchors (CERN) * Updated RPDNC namespaces to permit DigiCert Grid Trust G2 ICAs for DigiCert Assured ID Root CA (US) * Updated RPDNC namespaces and signing_policy files for G2 series DigiCert Grid CAs pending ICA reissuance for reverse RDN issue (US) * Nomalised cond_subject syntax for multiple signing policy files cilogon-basic cilogon-silver InCommon-IGTF-Server-CA NCSA-slcs-2013 NCSA-tfca-2013 Comodo-RSA-CA Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of April 2015. ========================================================================= 2. Notice for system operators using the (issuer-subject) combination for identifying users ========================================================================= The IGTF coordinates a trust fabric that provides unique non-reassigned identifiers to end-entities (users). This means that, with the scope of the IGTF authorities, you can use the subject name as a key to e.g. community membership databases, and to assign data ownership and access rights. Several updates to this trust anchor distribution incorporate changes to the name of the issuing authority, but the name of the end-entities and the users remains exactly the same. This usually permits users to use those new issuing services without loosing (data) ownership or community memberships. However, the IGTF is aware that some systems, in particularly VOMS and VOMS-Admin, were traditionally deployed such that also the issuer was used to identify the users. To make the changes in this and future releases transparent, all operators of VOMS and VOMS-Admin services are requested to enable the subject-only name resolution mechanisms in VOMS and VOMS Admin: - on the VOMS core Attribute Authority service, configure the "-skipcacheck" flag on start-up. In YAIM this is done by setting "VOMS_SKIP_CA_CHECK" to true. See https://wiki.italiangrid.it/twiki/bin/view/VOMS/VOMSYAIMGuide - update VOMS-Admin to version >= 3.3.2, and set "voms.skip_ca_check=True" in the service properties. For more info, read the release notes at http://italiangrid.github.io/voms/release-notes/voms-admin-server/3.3.2/ For other products, please refer to the documentation provided by your supplier. Products such as Apache httpd itself and most web-based products (MediaWiki, TWiki, etc) use subject-name matching only and are thius fully compatible. No changes are needed for these and like products. ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (e.g. a national or regional e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI or others) you may want to await their announcement before installing the release. They could include localised adaptations. For reference we include the links below: PRACE-RI http://winnetou.sara.nl/prace/certs/ EGI https://wiki.egi.eu/wiki/EGI_IGTF_Release wLCG https://lcg-ca.web.cern.ch Open Science Grid https://software.grid.iu.edu/cadist/ Supplementary download locations -------------------------------- The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ and by the EUGridPMA at https://dist.eugridpma.info/distribution/igtf/ Where possible validate trust anchors with the GEANT TACAR Repository https://www.tacar.org/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.igtf.net/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.62 and ancillary information
by David Groep 23 Feb '15

23 Feb '15

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.62 available 2. Notice for system operators using the (issuer-subject) combination for identifying users ========================================================================= 1. Updated IGTF distribution version 1.62 available ========================================================================= A new distribution of Accredited Authorities by the Interoperable Global Trust Federation, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities and retires expiring trust anchors. This is version 1.62 release 1 and it is now available for download from the Repository (and mirrors) at https://dist.igtf.net/distribution/igtf/current/ Changes from 1.61 to 1.62 ------------------------- (23 February 2015) * Added Root CA 2 for NIIF (HU) * Extended validity period for pkIRISgrid CA (ES) * Updated DigiCert root CA meta-data in preparation for TCS (US) * Included GEANT TCS CA G3 trust anchors (EU) * Temporarily suspended HIAST/74c6eaeb for operational reasons (SY) * Discontinued ULAGrid-CA-2008 CA (VE) * Discontinued NCHC CA (TW) Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of March 2015. ========================================================================= 2. Notice for system operators using the (issuer-subject) combination for identifying users ========================================================================= The IGTF coordinates a trust fabric that provides unique non-reassigned identifiers to end-entities (users). This means that, with the scope of the IGTF authorities, you can use the subject name as a key to e.g. community membership databases, and to assign data ownership and access rights. Several updates to this trust anchor distribution incorporate changes to the name of the issuing authority, but the name of the end-entities and the users remains exactly the same. This usually permits users to use those new issuing services without loosing (data) ownership or community memberships. However, the IGTF is aware that some systems, in particularly VOMS and VOMS-Admin, were traditionally deployed such that also the issuer was used to identify the users. To make the changes in this and future releases transparent, all operators of VOMS and VOMS-Admin services are requested to enable the subject-only name resolution mechanisms in VOMS and VOMS Admin: - on the VOMS core Attribute Authority service, configure the "-skipcacheck" flag on start-up. In YAIM this is done by setting "VOMS_SKIP_CA_CHECK" to true. See https://wiki.italiangrid.it/twiki/bin/view/VOMS/VOMSYAIMGuide - update VOMS-Admin to version >= 3.3.2, and set "voms.skip_ca_check=True" in the service properties. For more info, read the release notes at http://italiangrid.github.io/voms/release-notes/voms-admin-server/3.3.2/ For other products, please refer to the documentation provided by your supplier. Products such as Apache httpd itself and most web-based products (MediaWiki, TWiki, etc) use subject-name matching only and are thius fully compatible. No changes are needed for these and like products. ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ and by the EUGridPMA at https://dist.eugridpma.info/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.igtf.net/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.61
by David Groep 01 Dec '14

01 Dec '14

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.61 available ========================================================================= 1. Updated IGTF distribution version 1.61 available ========================================================================= A new distribution of Accredited Authorities by the Interoperable Global Trust Federation, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities and retires expiring trust anchors. This is version 1.61 release 1 and it is now available for download from the Repository (and mirrors) at https://dist.igtf.net/distribution/igtf/current/ Changes from 1.60 to 1.61 ------------------------- (1 December 2014) * Added new IPv6-capable crl_url entries for NCSA and CILogon CAs (US) * Added accredited TSU (Georgia) CA (GE) * Extended life time and updated digest function of AustrianGrid CA (AT) Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of January 2015. ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ and by the EUGridPMA at https://dist.eugridpma.info/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.igtf.net/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.60
by David Groep 27 Oct '14

27 Oct '14

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.60 available ========================================================================= 1. Updated IGTF distribution version 1.60 available ========================================================================= A new distribution of Accredited Authorities by the Interoperable Global Trust Federation, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities and retires expiring trust anchors. This is version 1.60 release 1 and it is now available for download from the Repository (and mirrors) at https://dist.igtf.net/distribution/igtf/current/ Changes from 1.59 to 1.60 ------------------------- (27 October 2014) * Added new SHA-2 hierarchies for TERENA Certificate Service (ed. 2009) (EU) Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of November 2014. ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ and by the EUGridPMA at https://dist.eugridpma.info/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.igtf.net/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.59 and end-of-life pre-announcement for Yum2 headers support
by David Groep 29 Sep '14

29 Sep '14

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.59 available 2. End of support for RPM yum version 2 (headers) distributions in 2015 ========================================================================= 1. Updated IGTF distribution version 1.59 available ========================================================================= A new distribution of Accredited Authorities by the Interoperable Global Trust Federation, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities and retires expiring trust anchors. This is version 1.59 release 1 and it is now available for download from the Repository (and mirrors) at https://dist.igtf.net/distribution/igtf/current/ Changes from 1.58 to 1.59 ------------------------- (release date 2014-09-29) * Added accredited mics HPCI CA (JP) * Updated crl_url for NCSA-slcs-2013 and NCSA-tfca-2013 (US) * Renamed QuoVadis classic grid issuing CA to QuoVadis-Grid-ICA (CH, BM) NOTE: although this appears to obsolete the SWITCH-QV intermediate trust anchor, it is merely a re-naming. The new QuoVadis-Grid-ICA provides the same trust anchor and will continue to support the Swiss subscriber base of QuoVadis without any change. Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of October 2014. ========================================================================= 2. End of support for RPM yum version 2 ("headers") distributions in 2015 ========================================================================= The IGTF distributes repositories of trust anchors packaged in the RPM Package Manager format as usd by many GNU/Linux distributions. These repositories come pre-populated with package meta-data used by the Yellowdog Updater, Modified (yum) in two formats: headers (used by yum versions 1 and 2, and XML repodata (yum version 3+). The main platform(s) supported by rpm and yum are Fedora Core, RHEL, and CentOS. The versions of these distributions that depend on yum version 2 and the 'headers' meta-data are now no longer supported, and in the long term the IGTF will no longer be able to generate yum-2 'header' meta-data for these repositories. This affects Fedora Core 1, 2, and 3, CentOS 3.x, and RedHat Enterprise Linux 3 when used with yum. The last one (RHEL3) has reached end of extended life phase in January 2014. Starting in January 2015, IGTF repositories may no longer contain the 'headers/' directory with meta-data and thus will no longer support yum version 2. Relying parties depending on the use of yum version 2 must thereafter (re)generate the relevant repository meta-data. This change *does not* impact CentOS, nor RHEL4 (end of extended life foreseen for March 31, 2017), nor FC4, nor later versions of the listed operating system distributions. ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ and by the EUGridPMA at https://dist.eugridpma.info/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.igtf.net/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.58
by David Groep 30 Jun '14

30 Jun '14

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.58 available ========================================================================= 1. Updated IGTF distribution version 1.58 available ========================================================================= A new distribution of Accredited Authorities by the Interoperable Global Trust Federation, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities and retires expiring trust anchors. This is version 1.58 release 1 and it is now available for download from the Repository (and mirrors) at https://dist.igtf.net/distribution/igtf/current/ Changes from 1.57 to 1.58 ------------------------- (30 June 2014) * Added accredited classic InCommon Server IGTF SSL CA and intermediate Comodo RSA CA (SHA-2) (US) * Extended permitted namespaces for AddTrust-External-CA-Root (EU, US) * Updated CILogon Basic CA from experimental to accredited:iota (US) * Updated certificate URL for IHEP-CA-2013 39d30eba (CN) * Discontinued expiring SEE-GRID '2004' CA - since replaced by new SEEGRID-CA-2013 (GR) * Discontinued retired PRAGMA-UCSD CA (US) Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of August 2014. ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ and by the EUGridPMA at https://dist.eugridpma.info/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.igtf.net/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.57 and new fetch-crl3 version
by David Groep 02 Jun '14

02 Jun '14

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.57 available 2. Updated fetch-crl3 (3.0.13) with improved configuration and startup resilience options ========================================================================= 1. Updated IGTF distribution version 1.57 available ========================================================================= A new distribution of Accredited Authorities by the Interoperable Global Trust Federation, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities and retires expiring trust anchors. This is version 1.57 release 1 and it is now available for download from the Repository (and mirrors) at https://dist.igtf.net/distribution/igtf/current/ Changes from 1.56 to 1.57 ------------------------- (2 June 2014) * Discontinued obsoleted IHEP (2009) CA ba2f39ca (CN) * Removed discontinued NCSA Two Factor CA following migration to NCSA Two Factor CA 2013 (US) Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of June 2013. ========================================================================= 2. Updated fetch-crl3 (3.0.13) with improved configuration and startup resilience options ========================================================================= A new minor release of fetch-crl is now available from the IGTF distribution web site. This new version allows for faster response times on system boot (if configured to run at boot time), and has improvements for caterign with unresponsive CRL URLs. Most important changes in version 3.0.13: * Supplied system init script for boot phase will not re-run inadvertently * Add rcmode config option (added differentiated reporting and success-on-solely-retrieval-errors) * Add --define key=val command line argument to augment configuration data For documentation see http://www.nikhef.nl/grid/fetchcrl3/, and you can download the new version in RRM and source form at https://dist.eugridpma.info/distribution/util/fetch-crl/ ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

Updated IGTF distribution 1.56 and more authentication profiles
by David Groep 31 Mar '14

31 Mar '14

From: David Groep <info(a)eugridpma.org> Date: Mon, 31 Mar 2014 12:00:00 +0200 Subject: Updated IGTF distribution 1.56 and more authentication profiles Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.56 available 1. Identifier-Only Trust Assurance Profile information ========================================================================= 1. Updated IGTF distribution version 1.56 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.56 release 1 and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ Changes from 1.55 to 1.56 ------------------------- (31 March 2014) * Removed discontinued SWITCHslcs2011 and associated Root (CH) * Removed discontinued APAC CA (AU) * Removed discontinued DoEGrids CA and ESnet root (US) * Add reference to CA website for AustrianGrid CA (AT) * Add new subordinates for DigiCert: 1cdf1cd9/DigiCertGridCA-1G2-Classic and 5d9ea26d/DigiCertGridTrustCAG2-Classic (US) * Add meta-package for the IOTA-accredited CAs. Please note that there are no IOTA accredited CAs as this point in time. For specifications see https://www.eugridpma.org/guidelines/IOTA/ * Debian packaging dependencies in meta-packages now correctly use all- lower-case package names throughout Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of April 2013. ========================================================================= 2. Identifier Only Trust Assurance Authentication Profile ========================================================================= In the coming month, the IGTF will be introducing a new authentication profile, supporting use cases where identity can be assured in a tight collaboration between relying parties and identity providers. It is a *distinct assurance level* adequate only to ensure unique, non-re-assigned identities, generated by authorities using secured and trusted infra- structure. The IOTA assurance level will usually be supported by federated identity providers. Unless explicitly enabled otherwise, this addition of the IOTA profile WILL NOT impact relying parties in any way. It is an explicit choice. IOTA authorities are not part of any of the existing AP profile bundles. IOTA authorities are not required to collect more data than are necessary for fulfilling the uniqueness requirements, and credentials issued by authorities under this profile may not provide sufficient information to independently trace individual subscribers. IOTA asertions should be used in conjunction with complementary identification and vetting processes. Relying parties that currently have a managed enrollment programme where user vetting already takes place, and who themselves hold and manage user contacts and identity vetting, may be interested in supporting IOTA. For more details about IOTA, please refer to the authentication profile https://www.eugridpma.org/guidelines/IOTA/ At this point no authorities have yet been accredited under this profile. More information will be distributed when the first identity providers will have been accredited under this profile. You are welcome to contact your national IGTF accredited authority or regional PMA for more information. ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

SURF***SPAM***5.6 Updated IGTF distribution 1.56 and more authentication profiles
by David Groep 31 Mar '14

31 Mar '14

1 0

Updated IGTF distribution 1.55 - with deployment notices
by David Groep 25 Nov '13

25 Nov '13

Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Updated IGTF distribution version 1.55 available 2. SPECIAL NOTICE for the NorduGrid CA update 3. End of single-hash distribution format ========================================================================= 1. Updated IGTF distribution version 1.55 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.55 release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ Changes from 1.54 to 1.55 ------------------------- (25 November 2013) THIS RELEASE IS THE LAST ONE ALSO TO BE DISTRIBUTED IN SINGLE HASH FORMAT * New root certificate with extended life time for NorduGrid CA 1f0e8352 (DK) * Updated contact metadata for all RENATER Grid-FR related CAs (FR) * Updated CRL URL and metadata for IHEP 2013 CA 39d30eba (CN) * New root certificates for NCSA CA re-key: MyProxy CA 2013 c36f6349/7aa2b7bd and Two Factor CA 2013 ca157cee/48c8f10a (US) * New root certificate for EGI catch-all CA "SEEGRID-CA-2013" 772dbd1c (GR) * Removed AIST Grid CA (JP) * Discontinued IUCC CA (6fee79b0) following migration to TCS (IL) * Suspended JUnet-CA (b3222f9e) (JO) * Removed expired unaccredited CAs (misc) * Added unaccredited worthless NL e-Infra Zero tutorial CA 338a3561 (NL) Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updated substantially. The currently-estimated next release date of the distribution is at the end of January 2013. ========================================================================= 2. SPECIAL NOTICE for the NorduGrid CA update ========================================================================= The renewed NorduGrid CA root certificate (OpenSSL0.x hash 1f0e8352) for technical reasons was re-issued with the same serial number. This is known to cuase issues in selected software products, including some web browsers (both NSS based products as well as Internet Exporer) and in some distributed computing software (in particular the EMI CANL library). It ONLY affects cases where BOTH client AND server use the NorduGrid CA. You may experience authentication failures between clients and servers that mutually authenticate, and BOTH use the NorduGrid CA (e.g. a computing service authenticating to a VOMS server for retrieving information), and where the client sends the full certificate chain. Selected PKI libraries, in particular including the EMI CANL, may fail to authenticate if client and server use different versions of the NorduGrid CA (e.g. because the server was upgraded to 1.55 and the client is still at 1.54). For technical reasons it is not possible to avoid this condition, and you are advised to upgrade both sides to version 1.55 as soon as practical to resolve this condition. For more information, please refer to the NorduGrid CA: http://ca.nordugrid.org/ ========================================================================= 3. End of the single-hash distribution format ========================================================================= This 1.55 release will be the last one which is distributed also in a format containing solely the OpenSSL0.x type "MD5" hashed names of the trust anchor subjects. A new format was introduced in January 2010 to accomodate both the OpenSSL 0.x as well as the OpenSSL 1+ style hashes, using an approach of symlinking on POSIX-compliant platforms (akin to the model used by OpenSSL itself). On non-POSIX platforms, the alias name of the CA is used instead, for example in the Java Key Store format. For a while, some software producs were not able to deal with this dual-hash format, but these products have since been replaced by more recent versions and all software known to the IGTF since mid-2012 is capable of supported the dual-hash format. Given the complexity of retaining the single hash format in the face of more diverse CAs, we will hereby withdraw the old format completely. As of 1.56, no single hash format will be published. ========================================================================= REPEATED NOTICES ========================================================================= Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI and others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ About this news letter ---------------------- This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at <info(a)eugridpma.org> or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information. -- David Groep ** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group ** ** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **

1 0

← Newer
1
...
6
7
8
9
10
11
12
...
17
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

eugridpma-announce