From: David Groep
Date: Mon, 29 June 2015 12:00:00 +0000
Subject: Updated IGTF distribution 1.65 with additional meta-data

Dear CAs, Relying Parties, Users, and all others interested,

In this announcement of the IGTF:

1. Updated IGTF distribution version 1.65 available
2. New meta-data info file data in 1.65 release
3. End of support for RPM yum version 2 and RPM-APT
4. IGTF uses new build platform

============================================================================
1. Updated IGTF distribution version 1.65 available
============================================================================

A new distribution of Accredited Authorities by the Interoperable Global
Trust Federation, based on the IGTF Common Source, is now available. It
includes the newly accredited Authorities and retires expiring trust
anchors.

This is version 1.65 release 1 and it is now available for download from
the Repository (and mirrors) at

  https://dist.igtf.net/distribution/igtf/current/

Changes from 1.64 to 1.65
-------------------------
(29 June 2015)

* Discontinued NAREGI CA (JP)
* Added additional G2 root for IPM CA (IR)
* Added new subjectdn attribute to the trust anchor and profile meta-data
  files to aid monitoring and authentication-profile based access control
  mechanism use cases. See http://wiki.eugridpma.org/Main/IGTFInfoFile (ALL)

Next Release
------------
Releases are usually done on the last Monday of the month, only when the
trust anchor distribution has been updated substantially. The
currently-estimated next release date of the distribution is at the end of
September 2015.

============================================================================
2. New meta-data info file data in 1.65 release
============================================================================

Each trust anchor in the IGTF distribution comes with an associated file
with relevant meta-data: the URL of the revocation list, the emergency
contact email address, the fingerprint to verify integrity, the short alias
name (file name) and some more data. The name of the trust anchor (for a
PKIX anchor: the subject distinguished name) has been added to this
meta-data in the "subject" attribute.

For the policy meta-packages (with the
"policy-igtf-{classic,mics,slcs,iota}.info" files), the "subject" attribute
is a list of comma-separated subject names of all trust anchors that are
accredited under the named authentication profile (AP).

All subject names are double-quoted strings. The syntax of the .info
meta-data files is described in .

We envision that these subject names will be used for implementing SSL
monitoring use cases, and to support access control and authorization
decisions based on the IGTF accreditation status in combination with other
relevant external attributes.

There is also a 'discontinued' meta-file that lists all trust anchors that
have been withdrawn and must no longer be used. A list of subject names has
also been added to this package (only for those subject names that have not
been re-used in an updated trust anchor version). This list can be used for
verification purposes to inspect whether any discontinued trust anchors are
inadvertently still active in a particular installation.

============================================================================
3. End of support for RPM yum version 2 and RPM-APT
============================================================================

The data for Yum v2 ("headers") and apt-rpm ("apt/RPMS.profile"), although
still present in the 1.65 distribution, are no longer supported. They will
be removed in an upcoming release. The 1.65 distribution has been built on
a new (RHEL6-compatible) platform that does not natively support the
apt-rpm model any more.

============================================================================
4. IGTF uses new build platform
============================================================================

The more observant of the IGTF relying parties may notice that the RPM
packaging indicates a new build host (Build Host: el6vbx.localdomain) and
was created using a higher version of the RPM build system. This new build
host is expected: the distribution is now built in a (virtualised)
RHEL6-compatible environment that is hosted on a new (similarly secured)
system. The source continues to come from the IGTF Common Source version
control system and the data are verified against this common source.

The change (from "streng.nikhef.nl" to "el6vbx.localdomain") is expected.

=========================================================================
REPEATED NOTICES
=========================================================================

Use in coordinated-deployment infrastructures
---------------------------------------------
If you are part of a coordinated-deployment infrastructure (e.g. a national
or regional e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI or others) you may
want to await their announcement before installing the release. They could
include localised adaptations. For reference we include the links below:

  PRACE-RI            http://winnetou.surfsara.nl/prace/certs/
  EGI                 https://wiki.egi.eu/wiki/EGI_IGTF_Release
  wLCG                https://lcg-ca.web.cern.ch
  Open Science Grid   https://software.grid.iu.edu/cadist/

Supplementary download locations
--------------------------------
The download repository is also mirrored by the APGridPMA at
  https://www.apgridpma.org/distribution/igtf/
and by the EUGridPMA at
  https://dist.eugridpma.info/distribution/igtf/

Where possible validate trust anchors with the GEANT TACAR Repository
  https://www.tacar.org/

About this news letter
----------------------
This newsletter carries IGTF information intended for relying parties.
For more information about this newsletter and how to subscribe, refer
to the EUGridPMA web site at https://www.eugridpma.org/

+-----------------------------------------------------------------------+
| For information on the IGTF Distribution, how to use it and what it   |
| contains, please read the information at                              |
| https://dist.igtf.net/distribution/igtf/README.txt                    |
|                                                                       |
| This file contains important information for new users and should be  |
| read before installing this Distribution.                             |
+-----------------------------------------------------------------------+

If you have suggestions or improvements for the distribution format, to
have it better suit your needs, please contact the EUGridPMA PMA at
or your Regional Policy Management Authority. See the IGTF web site
(www.igtf.net) for further information.
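
The verification described in section 2 (finding discontinued trust anchors that are still present in an installation), as an added example that is not part of the IGTF announcement or distribution. It assumes .info files consist of "key = value" lines with "#" comments and a trailing backslash for continuation, and takes the key name subjectdn from the change list; the alias, the subject names and the installed-subject list are constructed.

```python
import re

# Constructed sample of a 'discontinued' meta-file; not real IGTF data.
# Assumed layout: "key = value", "#" comments, trailing "\" continues a line.
DISCONTINUED_INFO = r'''
# constructed example
alias = policy-example-discontinued
subjectdn = "/C=XX/O=Example Grid/CN=Example Retired CA", \
            "/DC=example/DC=org/O=Old Labs, Inc./CN=Old Root"
'''

# Constructed subject names of the trust anchors found in a local installation.
INSTALLED_SUBJECTS = [
    "/C=XX/O=Example Grid/CN=Example Current CA G2",
    "/DC=example/DC=org/O=Old Labs, Inc./CN=Old Root",
]

# One double-quoted string; a comma inside the quotes is part of the name.
_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

def parse_info(text):
    """Parse 'key = value' lines; a trailing backslash continues the value."""
    pairs, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            pending += line[:-1].strip() + " "
            continue
        key, sep, value = (pending + line).partition("=")
        pending = ""
        if sep:
            pairs[key.strip()] = value.strip()
    return pairs

def subject_list(value):
    """Split a comma-separated list of double-quoted subject names."""
    return [m.group(1) for m in _QUOTED.finditer(value)]

def still_installed(installed_subjects, discontinued_text):
    """Return installed subjects that the discontinued meta-file lists."""
    listed = parse_info(discontinued_text).get("subjectdn", "")
    withdrawn = set(subject_list(listed))
    return [s for s in installed_subjects if s in withdrawn]

if __name__ == "__main__":
    for dn in still_installed(INSTALLED_SUBJECTS, DISCONTINUED_INFO):
        print("discontinued trust anchor still installed:", dn)
```

Splitting the attribute on bare commas would break the second constructed name at "Old Labs, Inc.", which is why the list is read one quoted string at a time.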