From: David Groep Date: Thu, 29 Mar 2012 12:00:00 +0200 Subject: Updated IGTF distribution 1.46 withdrawing old CESNET CA Dear CAs, Relying Parties, Users, and all others interested, In this announcement of the IGTF: 1. Unused CESNET CA "9b59ecad" lost CRL generation capability 2. Updated IGTF distribution version 1.46 available ========================================================================= 1. Unused CESNET CA "9b59ecad" lost CRL generation capability ========================================================================= The obsolete CESNET cA with OpenSSL 0.x hashID "9b59ecad" has recently lost its capability to generate CRLs. Although this CA was no longer in active use and has no subscribers left, it was not yet withdrawn from the IGTF distribution. The last CRL has since expired, and in its current state the CA is no longer operative. It also has no capability left to generate a new CRL. There are no security risks associated with having an expired CRL, and leaving 1.45 in place does not expose you as a relying party to any additional risk. However, no longer having a valid CRL may generate monitoring warnings in several operational infrastructures. To mitigate this warnings, the IGTF releases 1.46, which formally obsoletes this CA. ========================================================================= 2. Updated IGTF distribution version 1.46 available ========================================================================= A new distribution of Accredited Authorities by the EUGridPMA, based on the IGTF Common Source, is now available. It includes the newly accredited Authorities by all IGTF Members and retires expiring CA certificates. This is version 1.46, release 1, and it is now available for download from the Repository (and mirrors) at https://dist.eugridpma.info/distribution/igtf/current/ Changes from 1.45 to 1.46 ------------------------- (29 March 2012) * Removed discontinued CESNET (9b59ecad) CA (CZ) Debian APT support ------------------ The IGTF distributed the trust anchors in various formats. This release adds an 'apt' compliant repository for Debian-based distribution as an experimental service. For details, see https://dist.eugridpma.info/distribution/igtf/current/dists/README.txt Use in coordinated-deployment infrastructures --------------------------------------------- If you are part of a coordinated-deployment infrastructure (such as a national e-Infrastructure, EGI, OSG, PRACE-RI, NAREGI or others) you may want to await your project announcement before installing this release. The download repository is also mirrored by the APGridPMA at https://www.apgridpma.org/distribution/igtf/ Next Release ------------ Releases are usually done on the last Monday of the month, only when the trust anchor distribution has been updates substantially. The currently- estimated next release date of the distribution is 30 April 2012. Dual-hash OpenSSL v1 support ---------------------------- This distribution comes in two (2) formats. The primary format for this release supports OpenSSL v1 and is designed to be backwards compatible with the old distribution format. If you experience issues with the new format, the old non-OpenSSL-v1 version is still available at https://dist.eugridpma.org/distribution/igtf/current-old/ but you should upgrade as soon as practically possible. Subsequentl releases may withdraw this legacy format without further notice. For more information, please refer to the February 15th 2010 newsletter: https://www.eugridpma.org/newsletter/eugridpma-newsletter-20100215.txt ========================================================================= REPEATED NOTICES ========================================================================= This newsletter carries IGTF information intended for relying parties. For more information about this newsletter and how to subscribe, refer to the EUGridPMA web site at https://www.eugridpma.org/ +-----------------------------------------------------------------------+ | For information on the IGTF Distribution, how to use it and what is | | contains, please read the information at | | https://dist.eugridpma.info/distribution/igtf/README.txt | | | | This file contains important information for new users and should be | | read before installing this Distribution. | +-----------------------------------------------------------------------+ If you have suggestions or improvements for the distribution format, to have it better suit your needs, please contact the EUGridPMA PMA at or your Regional Policy Management Authority. See the IGTF web site (www.igtf.net) for further information.