RFC proxy and SHA-2 signature support in WLCG middleware


IGTF would like CAs to move from SHA-1 to SHA-2 signatures ASAP, to anticipate concerns about the long-term safety of the former.

For WLCG this originally implied using RFC proxies instead of the Globus legacy proxies in use today, but that constraint has been avoided since Jan 2013:

The latest IGTF timeline aims to allow SHA-2 certificates to be introduced by Dec 1, 2013. See the minutes of the Sep 19 WLCG Operations Coordination meeting.

EGI and EMI have assessed per product which version is supposed to be ready for SHA-2 certificates:

EGI will pursue the uptake of the required versions in the EGI infrastructure and OSG will do the same for their products in their infrastructure.

The LHC experiments are asked to check their own services and clients explicitly:

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r5 - 2013-09-26 - MaartenLitmaath
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback