SHA-2 Migration status David Groep Nikhef Nikhef, Amsterdam

Slides:



Advertisements
Similar presentations
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Advertisements

David Groep Nikhef Amsterdam PDP & Grid Ensuring Availability Security, Protection, Trust, walking the line between paranoia and laisser-faire in a highly.
Report on Attribute Certificates By Ganesh Godavari.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.
INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
Authentication Policy David Kelsey CCLRC/RAL 15 April 2004, Dublin
Updates from the EUGridPMA David Groep, Oct 11 th, 2011.
OSG Area Coordinators Meeting Security Team Report Kevin Hill 08/14/2013.
Security Update WLCG GDB CERN, 12 June 2013 David Kelsey STFC/RAL.
Updates from the EUGridPMA David Groep, July 16 st, 2007.
EUGridPMA Status, current trends and some technical topics March 2013 Boulder, CO, USA David Groep, Nikhef & EUGridPMA.
Sam Morrison APAC CA – APGridPMA - ISGC2010 APAC CA Self Audit and status update Sam Morrison ARCS.
Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.
European Grid Policy Management Authority. Event - 2/total Speaker Name – Coverage of the EUGridPMA Green: Countries with an accredited.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 6/6/2012.
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
SHA-2, current trends and some technical topics March 2013 Taipei, TW David Groep, Nikhef & EUGridPMA.
EUGridPMA Status, current trends and some technical topics March 2013 Taipei, TW David Groep, Nikhef & EUGridPMA.
EGI-InSPIRE RI EGI.eu European Grid Infrastructure EGI-InSPIRE RI Credential Validation Middleware Requests compiling.
Lessons Learned from disaster recovery Jinny Chien April 20, th APGridPMA in Taipei.
EGI-InSPIRE RI EGI EGI-InSPIRE RI Establishing Identity in EGI the authentication trust fabric of the IGTF and EUGridPMA.
EGI-InSPIRE RI EGI (IGTF Liaison Function) EGI-InSPIRE RI IGTF EUGridPMA status update SHA-2, OCSP, and more David.
David Groep Nikhef Amsterdam PDP & Grid Bring the WLCG federation Home Extending your trust options beyond bottom-up identity by collaborating with global.
PEPPOL is an EU co-funded project CIP-ICT PSP-2007 No OpenPEPPOL Transport Infrastructure Rome Sven Rasmusen Danish Agency.
Update of APGridPMA APGridPMA Meeting Academia Sinica, Taiwan 22 March,
FP6−2004−Infrastructures−6-SSA [ Empowering e Science across the Mediterranean ] Rome, Tutorial for Certification Authority Managers,
EGI-Engage EGI-Engage WP3 e-Infrastructure Commons Diego Scardaci EGI.eu/INFN 6/18/2016 EGI-Engage – First.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Introduction of SHA-2 in the EGI Infrastructure David Groep, EGI-IGTF Liaison.
EGI-InSPIRE RI EGI (IGTF Liaison Function) EGI-InSPIRE RI IGTF & EUGridPMA status update SHA-2 – and more (David Groep,
News from EUGridPMA EGI OMB, 22 Jan 2013 David Kelsey (STFC) Using notes from David Groep 22/01/20131EUGridPMA News.
IGTF Risk Assessment Team 5/11/091.
IGTF, WLCG, EGI and SHA-2 (and RFC proxies) David Kelsey (STFC-RAL and WLCG) TAGPMA meeting, Panama City Aug 2012.
Public Key Infrastructure. A PKI: 1. binds public keys to entities 2. enables other entities to verify public key bindings 3. provides services for management.
IGTF in 10 years enabling the interoperable global trust federation Nikhef, Amsterdam supported the Dutch national e-Infrastructure funded and coordinated.
Bob Jones EGEE Technical Director
Gridpp37 – 31/08/2016 George Ryall David Meredith
AEGIS Certification Authority
Classic X.509 AP updates (v4.1)
EUGridPMA CAOPS-WG and IGTF Issues March 2013 Charlottesville, VA, USA David Groep, Nikhef, EUGridPMA, and EGI.
UGRID CA Sergii Stirenko, Oleg Alienin
Information Security message M one-way hash fingerprint f = H(M)
Building Interoperable Global Trust
Information Security message M one-way hash fingerprint f = H(M)
Information Security message M one-way hash fingerprint f = H(M)
Connecting the European Grid Infrastructure to Research Communities
EUGridPMA Status and Current Trends and some technical topics November 2013 La Plata, AR David Groep, Nikhef & EUGridPMA.
EUGridPMA Status and Current Trends and some IGTF topics March 2014 Taipei, TW David Groep, Nikhef & EUGridPMA.
Assessing Combined Assurance
Assessing Combined Assurance
Leveraging the IGTF authentication fabric for research
Leveraging the IGTF authentication fabric for research
Security in ebXML Messaging
The IGTF Charter Name uniqueness throughout the IGTF is anchored in the Charter Current Charter assigns a namespace to an Authority, implying that the.
WTO SEMINAR ON TECHNICAL ASSISTANCE ON CUSTOMS VALUATION
Communications IGTF RAT Comms Challenge 3 Fall 2015
Information Security message M one-way hash fingerprint f = H(M)
Updated (VO) Community Security Policies
EUGridPMA Status and Current Trends and some IGTF topics March 2018 APGridPMA ISGC Meeting David Groep, Nikhef & EUGridPMA.
OIDC Federation for Infrastructures
Operations sustainability
AuthN Middleware Requests
The EGI.eu Organisation
and the SHA-1 depreciation time line and status
Communications Ensuring a responsive IGTF community through periodic validation of communication co-supported by the Dutch National e-Infrastructure coordinated.
David Kelsey (STFC-RAL)
PKI (Public Key Infrastructure)
February 2007 Note: Source:.
Introduction to Let’s Encrypt
KISTI CA Report Status & Self-Audit
BG.ACAD CA Self-audit report 2018
Presentation transcript:

SHA-2 Migration status David Groep Nikhef Nikhef, Amsterdam supported the Dutch national e-Infrastructure funded and coordinated by SURFsara, by EGI.eu, and by EGI-InSPIRE RI-261323,

Readiness on the CA side a few CAs can do either SHA-2 OR SHA-1 but not both so they need to wait for software to be SHA-2-ready and then change everything at once A select few can do SHA-2 but their time line is not driven solely by us Time line also driven by the largest customer base All can do SHA-2 Anyway, MS policy requires SHA-2 TAs by mid-2016 TCS will do it in the next iteration Keep in mind hardware issues, e.g. the old Alladin eTokens (32k) do not support SHA-2 May 2014 IGTF 2005 - 2014

Time line (see IGTF web site) Now CA certificates in the IGTF distribution and CRLs at official distribution points should use SHA-1 CAs should issue SHA-1 end entity certificates on request CAs may issue SHA-2 (SHA-256 or SHA-512) end entity certificates on request. CAs may publish SHA-2 (SHA-256 or SHA-512) CRLs at alternate distribution point URLs 1st DECEMBER 2013 CAs should begin to phase out issuance of SHA-1 end entity certificates CAs should issue SHA-2 (SHA-256 or SHA-512) end entity certificates by default 1st April 2014 New CA certificates should use SHA-2 (SHA-512) Existing intermediate CA certificates should be re-issued using SHA-2 (SHA-512) Existing root CA certificates may continue to use SHA-1 1st October 2014 CAs may begin to publish SHA-2 (SHA-256 or SHA-512) CRLs at their official distribution points. 1st February 2015 (‘sunset date’) All issued SHA-1 end entity certificates should be expired or revoked. In case of new SHA-1 vulnerabilities, the above schedule may be revised. May 2014 IGTF 2005 - 2014

Building a global trust fabric www.igtf.net Interoperable Global Trust Federation – AP EU TAG Building a global trust fabric www.igtf.net IGTF 2005 - 2014

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.