SHA-2 introduction and the SHA-1 deprecation timeline and status


SHA-2 introduction and the SHA-1 deprecation timeline and status

Co-supported by the Dutch National e-Infrastructure coordinated by SURFsara, and EGI Core Services

SHA-1 deprecation timeline

Before December 2013
- CA certificates in the IGTF distribution and CRLs at official distribution points should use SHA-1
- CAs should issue SHA-1 end entity certificates on request
- CAs may issue SHA-2 (SHA-256 or SHA-512) end entity certificates on request
- CAs may publish SHA-2 (SHA-256 or SHA-512) CRLs at alternate distribution point URLs

1st December 2013
- CAs should begin to phase out issuance of SHA-1 end entity certificates
- CAs should issue SHA-2 (SHA-256 or SHA-512) end entity certificates by default

1st April 2014
- New CA certificates should use SHA-2 (SHA-512)
- Existing intermediate CA certificates should be re-issued using SHA-2 (SHA-512)
- Existing root CA certificates may continue to use SHA-1

1st October 2014
- CAs may begin to publish SHA-2 (SHA-256 or SHA-512) CRLs at their official distribution points

1st February 2015 ('sunset date')
- All issued SHA-1 end entity certificates should be expired or revoked

17 January 2019 Interoperable Global Trust Federation 2005 - 2015

Current state

On the CA side
- Almost all CAs issue SHA-2 family EECs
- There are some SHA-2 roots
- Not many intermediates have been re-written yet

On the RP and client side
- All known software now processes SHA-2 correctly
- We might use the Communication Challenge to get up-to-date status reports (to be discussed)

From the IGTF Home Page top link: https://www.eugridpma.org/documentation/hashrat/sha2-timeline

- If SHA-1 is broken, certificates based on SHA-1 must be revoked within the timeline determined by the IGTF RAT, which may be within one working day.
- In case of new SHA-1 vulnerabilities, the above schedule may be revised.
- Until such a case is demonstrated, there might be exceptional cases where a CA might issue SHA-1 based certs with appropriate warnings and instructions to the subscriber.
- SHA-224 is not to be used as per the HASHRAT document.
- Note that SHA-384 does work, and in some cases is preferred over SHA-512 for compatibility reasons.

pending IGTF All Hands endorsement …
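One way a relying party or CA operator could check a certificate against the timeline and the notes above, as an added example that is not part of the original slides: it reads the hash family from the certificate's outer signatureAlgorithm field and applies the dated rules by certificate role. The role labels, verdict strings and the sample bytes are assumptions made for this sketch, and only RSA signature OIDs are mapped (anything else is reported as unrecognised).

```python
import datetime as dt
# DER content bytes of RSA signature-algorithm OIDs -> hash family
SIG_OIDS = {
    bytes.fromhex("2a864886f70d010105"): "SHA-1",
    bytes.fromhex("2a864886f70d01010e"): "SHA-224",
    bytes.fromhex("2a864886f70d01010b"): "SHA-256",
    bytes.fromhex("2a864886f70d01010c"): "SHA-384",
    bytes.fromhex("2a864886f70d01010d"): "SHA-512",
}
PHASE_OUT = dt.date(2013, 12, 1)   # SHA-1 EEC issuance starts phasing out
REISSUE_CA = dt.date(2014, 4, 1)   # intermediates should be re-issued
SUNSET = dt.date(2015, 2, 1)       # SHA-1 EECs expired or revoked

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def signature_hash(cert_der):
    """Hash family named in the certificate's outer signatureAlgorithm."""
    _, body, _ = read_tlv(cert_der, 0)          # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(cert_der, body)    # skip tbsCertificate
    _, alg, _ = read_tlv(cert_der, tbs_end)     # AlgorithmIdentifier
    tag, start, end = read_tlv(cert_der, alg)   # its OID
    if tag != 0x06:
        raise ValueError("expected OID")
    return SIG_OIDS.get(bytes(cert_der[start:end]), "unrecognised")

def assess(hash_name, role, today):
    """role is 'root', 'intermediate' or 'eec' (labels assumed here)."""
    if hash_name in ("SHA-256", "SHA-384", "SHA-512"):
        return "ok"
    if hash_name != "SHA-1":
        return "not permitted" if hash_name == "SHA-224" else "review"
    if role == "root":
        return "ok"                      # existing roots may keep SHA-1
    if role == "intermediate":
        return "re-issue" if today >= REISSUE_CA else "ok"
    if today >= SUNSET:
        return "expire or revoke"
    return "phase out" if today >= PHASE_OUT else "ok"

# Constructed skeleton (empty tbsCertificate, 1-byte signature), not a real cert
SAMPLE_SHA1 = bytes.fromhex("30143000300d06092a864886f70d0101050500030100")
```

The check only flags SHA-1 and SHA-224; it does not enforce the preference for SHA-512 on new CA certificates.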

Questions?

Building a global trust fabric