[Go to /]
Structures
Membership
Contact us

IGTF
APGridPMA
TAGPMA
GEANT TACAR
REFEDS
SCI
WISE

Documents
Charter
Guidelines
One Statement Policies

CAOPS-WG
Wiki

Technical Info
CA Distribution download
Subject Locator
Find your local CA
About your certificate

Newsletter issues
Subscribe
Service notices

Tools download and fetch-crl
Technical documentation
IGTF OID Registry
SHA-2 timeline

Meetings
Manchester Sept 25-27, 2017
IGTF All Hands


Overview
Agendas
Intranet and Reviews (closed)

EUGridPMA Technical Documents

  • Namespace constraints file format and semantics (Adobe PDF) (MS Word)

    This document describes the format and parsing rules for the namespaces file as shipped with the EUGridPMA and IGTF distributions of the accredited authorities. It augments the existing signing_policy scheme for relying-party defined name constraints on the valid subject identifiers from trusted identity providers.

    This document describes the specific expression of this namespace constraints policy as a policy file stored in a file system, and on the processing and interpretation semantics of the policy file by compliant software implementations.

    Related links:

  • EACL signing_policy file format

    This document describes the signing_policy file format used by the Globus Toolkit "OLD-GAA" API to restrict the subject signing namespace.

    Note that due to implementation limitations in all Globus Toolkit versions, the EUGridPMA and IGTF only use positive rights EACL rules.

  • OID for Proxy Delegation Tracing

    This document defines the OID allocation from the IGTF used for experimental proxy certificate delegation tracing. It assigns OID arc 1.2.840.113612.5.5.1.1.1 for the use of identifying attributes in RFC 3820 proxy certificates that facilitate the tracing of delegations in a proxy certificate chain.

  • HASHRAT SHA-1 Hash Function Risk Assessment

    The most-commonly used hash algorithm in IGTF PKI implemention today is SHA-1, which is however increasingly vulnerable to attacks and its continued use may soon start posing a threat to the IGTF PKI. However, moving to a more modern hash like SHA-2 (or soon SHA-3) has operational consequences for the e-Infrastructure relying on the IGTF PKI in that not all software implementations can currently work with SHA-2. In this document we assess the risk to attacks on SHA-1 with respect to the integrity of the trust fabric and the impact of moving to SHA-2 at a given point in time on the operational infrastructure


Comments to David Groep.