RFC proxy and SHA-2 signature support in WLCG middleware


IGTF would like CAs to move from SHA-1 to SHA-2 signatures ASAP, to anticipate concerns about the long-term safety of the former.

For WLCG this originally implied using RFC proxies instead of the Globus legacy proxies in use today, but that constraint has been avoided since Jan 2013:

The latest IGTF timeline aims for SHA-2 certificates to be introduced by Oct 1, 2013. See the "Outcome of 28th EUGridPMA" presented in the EGI Operations Management Board meeting of May 28, 2013.

EGI and EMI have assessed per product which version is supposed to be ready for SHA-2 certificates:

EGI will pursue the uptake of the required versions in the EGI infrastructure and OSG will do the same for their products in their infrastructure.

The LHC experiments are asked to check their own services and clients explicitly:

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r4 - 2013-06-01 - MaartenLitmaath
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback