From: David Groep Date: Tue, 23 Aug 2005 15:00:00 +0200 Subject: EUGridPMA CA distribution 0.32 Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the EUGridPMA: 1. New distribution (0.32) with repairs and updated root cert We hope that you find this update useful and welcome any comments you may have. Also, feel free to redistribute this information widely as you see appropriate. Regards, David Groep For more information about this newsletter and the mailing list, please refer to the EUGridPMA web site at https://www.eugridpma.org/ ========================================================================= 1. New distribution version 0.32 ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, release version 0.32, is now available for download from the EUGridPMA Repository https://www.eugridpma.org/distribution/current/ Note that this updates the previous release that was issued three days ago. There are two reasons for this update: * The Russian Data Intensive Grid (RDIG) CA has released a new root certificate with a keylength of 2048 bits. The previous key (4096 bits in length) caused problems in various software suites, in particular some Java implementations. NOTE that the has remains unchanged, and the previous web locations will be re-used. In the transition period, you may encounter inconsistencies between the new CA cert and the (still old) CRL downloaded from the crl_url. This inconsistency has no other security impacts than to render the CA inactive, i.e., this is a safe default. * The signing policy file for the new CESNET CA was incomplete and left out the namespace that was actually in use. The correct namespace is /DC=cz/DC=cesnet-ca/*. Notice: *ONLY* CAs IN THE "accredited/" DIRECTORY and THE CAs INSTALLED USING THE ca_policy_eugridpma-0.32-1.noarch.rpm ARE ACCREDITED Do *not* install certificates from the "worthless/", "other/", or "discontinued/" directories, except if you your self review and accept their policy and practice statement. The EUGridPMA provides these certificates in this format for your convenience only, and to allow graceful changeover for legacy installations. You can download the new packages and install them at your convenience. Changes from 0.31 to 0.32 ------------------------- (23 August 2005) * Corrected namespace for the new CESNET CA * New RDIG root certificate with a 2048 bit key length for increased compatibility with existing software suites. For those using RPM based linux distribution, a "meta-RPM" is available from the repository, ca_policy_eugridpma-0.32-1.noarch.rpm, that contains dependencies on the RPMs of all accredited CAs. The repository is suitable for "yum" based automatic updates. This is the first RPM distribution that will (on an experimental basis) used GPG-signed RPMs. The key (ID 3CDBBC71) has been uploaded to the public key servers, along with my signature as the EUGridPMA Chair (keyID 6F298418). The key is also contained in the repository. The next release of the CA RPMs is to be expected around October 2005, (of course barring special circumstances). The format of those new releases is currently under considation. If you want to contribute to the discussion or to suggest improvements to have it better suit your needs, please contact the PMA at . There will be a common distribution format across the entire IGTF (i.e. all three PMAs).