(r3) RFCproxySHA2support < LCG

LCG Web>LCGGridDeployment>RFCproxySHA2support (revision 3) (raw view)~~EditAttachPDF~~
%TOC%

---+ RFC proxy and SHA-2 signature support in WLCG middleware

---++ Introduction

IGTF would like CAs to move from SHA-1 to SHA-2 signatures ASAP,
to anticipate concerns about the long-term safety of the former.

   *  See https://twiki.grid.iu.edu/bin/view/Security/HashAlgorithms

For WLCG this implies using RFC proxies instead of the
Globus legacy proxies in use today.

   * See [[https://indico.cern.ch/getFile.py/access?sessionId=4&resId=3&materialId=0&confId=155064][Jan GDB presentation]]
   for detailed explanation

Updates on the state of affairs are regularly presented in GDB meetings:

   * [[http://indico.cern.ch/getFile.py/access?contribId=5&resId=1&materialId=slides&confId=155072][Sep 2012]]
   * [[https://indico.cern.ch/getFile.py/access?contribId=1&resId=1&materialId=slides&confId=155070][Jul 2012]]
   * [[https://indico.cern.ch/getFile.py/access?contribId=4&resId=1&materialId=slides&confId=155067][Apr 2012]]
   * [[https://indico.cern.ch/getFile.py/access?sessionId=8&resId=3&materialId=0&confId=155065][Feb 2012]]
   * [[https://indico.cern.ch/getFile.py/access?sessionId=4&resId=3&materialId=0&confId=155064][Jan 2012]]

---++ Phases and milestones

---+++ 1. Deployment of SW supporting RFC proxies

   * Proxy usage:
      * Legacy
      * RFC only in special tests
      * SHA-2 only in special tests
   * SW supports:
      * Legacy
      * RFC maybe
      * SHA-2 maybe
   * Milestone:
      * All deployed SW supports RFC proxies
   * Additional goal:
      * All deployed SW supports SHA-2, except dCache and !BeStMan

---+++ 2. Switch to RFC proxies

   * There should be no issues with that by this time

---+++ 3. Upgrade dCache and !BeStMan

   * Proxy usage:
      * RFC
      * SHA-2 only in special tests
   * SW supports:
      * RFC
      * SHA-2 maybe
   * Milestone:
      * All deployed SW supports SHA-2

---+++ 4. Introduce SHA-2 CAs

   * Plan B ?
      * Best avoided!

---++ Status of EMI/UMD middleware for WLCG

| *Product* | *Version* | *RFC <br/> proxies* | *SHA-2 <br/> support* | *Availability* | *Notes* |
| APEL-Publisher |          |          |          |          |          |
| ARC-CE         |          |          |          |          |          |
| ARC-Infosys    |          |          |          |          |          |
| Argus          |          |          |          |          |          |
| BDII-site      |          |          |          |          |          |
| BDII-top       |          |          |          |          |          |
| CREAM          |          |          |          |          |          |
| dCache         |          |          |          |          |          |
| DGAS-sensors   |          |          |          |          |          |
| DPM            |          |          |          |          |          |
| EMI-UI         |          |          |          |          |          |
| EMI-WN         |          |          |          |          |          |
| FTS            |          |          |          |          |          |
| gLExec         |          |          |          |          |          |
| gLite-CLUSTER  |          |          |          |          |          |
| LB             |          |          |          |          |          |
| LFC            |          |          |          |          |          |
| !MyProxy        |          |          |          |          |          |
| !StoRM          |          |          |          |          |          |
| VOBOX          |          |          |          |          |          |
| VOMS           |          |          |          |          |          |
| WMS            |          |          |          |          |          |

---++ Status of OSG middleware for WLCG

| *Product* | *Version* | *RFC <br/> proxies* | *SHA-2 <br/> support* | *Availability* | *Notes* |
| !BeStMan |          |          |          |          |          |
| Condor |          |          |          |          |          |
| dCache |          |          |          |          |          |
| gLExec |          |          |          |          |          |
| !GlideinWMS |          |          |          |          |          |
| Gratia client |          |          |          |          |          |
| !GridFTP |          |          |          |          |          |
| GUMS |          |          |          |          |          |
| OSG-CE |          |          |          |          |          |
| Xrootd |          |          |          |          |          |

---++ Status of CERN middleware for WLCG

| *Product* | *Version* | *RFC <br/> proxies* | *SHA-2 <br/> support* | *Availability* | *Notes* |
| CASTOR |          |          |          |          |          |
| CASTOR SRM |          |          |          |          |          |
| EOS |          |          |          |          |          |

---++ Status of central EGI services for WLCG

| *Product* | *Version* | *RFC <br/> proxies* | *SHA-2 <br/> support* | *Availability* | *Notes* |
| Accounting Portal |          |          |          |          |          |
| APEL server |          |          |          |          |          |
| GGUS |          |          |          |          |          |
| GOCDB |          |          |          |          |          |
| Operations Portal |          |          |          |          |          |
| SAM |          |          |          |          |          |

---++ Status of central OSG services for WLCG

| *Product* | *Version* | *RFC <br/> proxies* | *SHA-2 <br/> support* | *Availability* | *Notes* |
| GOC |          |          |          |          |          |
| Gratia server |          |          |          |          |          |
| OIM |          |          |          |          |          |
| RSV |          |          |          |          |          |

---++ Status of LHC experiment software

| *Experiment* | *RFC <br/> proxies* | *SHA-2 <br/> support* | *Notes* |
| ALICE |          |          |          | 
| ATLAS |          |          |          | 
| CMS |          |          |          | 
| LHCb |          |          |          | 

-- Main.MaartenLitmaath - 26-Jun-2012
Topic revision: r3 - 2012-09-17 - MaartenLitmaath
LCG Wikis
LCG Service
Coordination
LCG Grid
Deployment
LCG
Apps Area
Public webs
Welcome Guest
- Cern Search
- TWiki Search
- Google Search
LCG All webs
Copyright &© 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback