RFC proxy and SHA-2 signature support in WLCG middleware

Introduction

IGTF would like CAs to move from SHA-1 to SHA-2 signatures ASAP, to anticipate concerns about the long-term safety of the former.

For WLCG this implies using RFC proxies instead of the Globus legacy proxies in use today.

Updates on the state of affairs are regularly presented in GDB meetings:

Phases and milestones

1. Deployment of SW supporting RFC proxies

  • Proxy usage:
    • Legacy
    • RFC only in special tests
    • SHA-2 only in special tests
  • SW supports:
    • Legacy
    • RFC maybe
    • SHA-2 maybe
  • Milestone:
    • All deployed SW supports RFC proxies
  • Additional goal:
    • All deployed SW supports SHA-2, except dCache and BeStMan

2. Switch to RFC proxies

  • There should be no issues with that by this time

3. Upgrade dCache and BeStMan

  • Proxy usage:
    • RFC
    • SHA-2 only in special tests
  • SW supports:
    • RFC
    • SHA-2 maybe
  • Milestone:
    • All deployed SW supports SHA-2

4. Introduce SHA-2 CAs

  • Plan B ?
    • Best avoided!

Status of EMI/UMD middleware for WLCG

Product Version RFC
proxies
SHA-2
support
Availability Notes
APEL-Publisher          
ARC-CE          
ARC-Infosys          
Argus          
BDII-site          
BDII-top          
CREAM          
dCache          
DGAS-sensors          
DPM          
EMI-UI          
EMI-WN          
FTS          
gLExec          
gLite-CLUSTER          
LB          
LFC          
MyProxy          
StoRM          
VOBOX          
VOMS          
WMS          

Status of OSG middleware for WLCG

Product Version RFC
proxies
SHA-2
support
Availability Notes
BeStMan          
Condor          
dCache          
gLExec          
GlideinWMS          
Gratia client          
GridFTP          
GUMS          
OSG-CE          
Xrootd          

Status of CERN middleware for WLCG

Product Version RFC
proxies
SHA-2
support
Availability Notes
CASTOR          
CASTOR SRM          
EOS          

Status of central EGI services for WLCG

Product Version RFC
proxies
Sorted ascending
SHA-2
support
Availability Notes
Accounting Portal          
APEL server          
GGUS          
GOCDB          
Operations Portal          
SAM          

Status of central OSG services for WLCG

Product Version RFC
proxies
SHA-2
support
Availability Notes
GOC          
Gratia server          
OIM          
RSV          

Status of LHC experiment software

Experiment RFC
proxies
SHA-2
support
Notes
ALICE      
ATLAS      
CMS      
LHCb      

-- MaartenLitmaath - 26-Jun-2012

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r2 - 2012-07-16 - MaartenLitmaath
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback