Changes from 1.1 R1 to 1.1 R2 ----------------------------- (22 Feb 2006) NOTE: THERE ARE NO CHANGES TO THE CONTENT IN THIS SUB-RELEASE * Corrected typo in the obsoletion of the old ca_CNRS-DataGrid * Improved understandability of the igtf-policy-installation-bundle Changes from 1.0 to 1.1 ----------------------- (20 Feb 2006) * Corrected malformed signing_policy file for CESNET-old * New (generic) email address for the LIP and LIPCA CAs * Expired Cygrid-old and CNRS-Datagrid CAs. The IGTF-classic meta-RPM package implicitly obsoletes there two discontinued CAs * Added alternative syntax for namespace constraints in .namespaces files. See http://www.eugridpma.org/documentation/ for details * Added pkIRISGrid CA as an accredited:classic CA * Corrected SWITCH CA hierarchy, adding the SWITCH Server and Personal CAs inbetween the SWITCH CA and the end-entities * New 2006+ SWITCH Personal and Server CAs in the SwissSign Root-originating hierarchy * New SwissSign Silver-Root and hierarchy added * New authorities from the APGridPMA: APAC GRID, KEK GRID, and NAREGI CA * New GridCanada CA root, renamed the "5f54f417" CA to GridCanada-old * New root cert (with same keypair) for the worthless DutchDemo CA * Pre-installed CA tarballs added for the classic and SLCS profiles Changes from 0.32 to 1.0 ------------------------- (25 October 2005) * IGTF policy metapackages replace EUGridPMA-only ones. The legacy "ca_policy_eugridpma" RPMs now depend on their IGTF counterparts. The EUGridPMA specific files will be withdrawn in a future release. * New directory structure moves all data regarding accredited authorities to the singe "accredited/" directory (including the policy meta-RPM) * Tar-ball installation now supports multiple profiles and targets * Meta-data (".info") for each CA added, and installed in trusted directory * The "experimental" profile supercedes the "others/" area in the distribution (note: this affects the FNAL_KCA, which will shortly be added as an accredited authority under the new Short-Lived Credential Services profile) * Discontinued authorities are no longer distributed * Only accredited authority RPM packages are signed by the PMA's GPG key * APGridPMA accreditations added: KISTI and AIST * New EUGridPMA accreditations: TR-Grid and BalticGrid * CRL URL for SiGNET changed to http instead of https * Added compatibility namespace for NIIF "/C=HU/O=NIIF CA/OU=NIIF/OU=GRID/*" Changes from 0.31 to 0.32 ------------------------- (23 August 2005) * Corrected namespace for the new CESNET CA * New RDIG root certificate with a 2048 bit key length for increased compatibility with existing software suites. Changes from 0.30 to 0.31 ------------------------- (15 July 2005) * Corrected packaging problem which left RDIG out of accredited CA group * renamed the "unknown/" directory to "discontinued/" * Added explanatory text to the distribution regarding the "other/", "worthless/" and "discontinued/" directories Changes from 0.29 to 0.30 ------------------------- (12 July 2005) * Added IHEP CA for China * Added DFN GridGermany CA (Root, User and Server CAs) * Added RDIG CA (will replace the Russian DataGrid CA) * New namespace allocation for the IUCC CA: "/C=IL/O=IUCC/*" * Added updated CESNET Root cert and renamed the old one to "CESNET-old" for legacy compatibility. The new CESNET CA started operating on June 17th * FNAL root CA service has been discontinued and thus removed from the accredited list * RPMs are now signed (experimentally) with PGP keyID 3CDBBC71. This key, the "EUGridPMA Distribution Signing Key 3" can be obtained from the popular PGP key servers, where it has been signed by the current PMA Chair, David Groep. It can also be downloaded from the web distribution site: GPG-KEY-EUGridPMA-RPM-3 Changes from 0.28 to 0.29 ------------------------- (27 April 2005) * New root certificate for the NIIF/Hungarnet CA, following the TACAR update * Preliminary inclusion of the SWITCH CA certificates. Note that the ordering of the components in the end-entity DN will currently prevent the end-entity certs to be validated (this is being addressed by SwissSign) * Modified layout of the tar distribution, in preparation for support of multiple authentication profiles Changes from 0.27 to 0.28 ------------------------- (6 April 2005) * Added the root certs for the newly accredited CAs "AustrianGrid" and "NIIF/Hungarnet" * updated signing policy file of SiGNET CA to handle new emailAddress DN component name * added "BalticGrid CA" in the "worthless" section, for experimentation by AndersW * UKeScience CA changed to SHA1 digest for the root certificate * new CRL and CA URLs for both CyGrid CAs Changes from 0.26 to 0.27 ------------------------- (22 February 2005) * added additional entry to UKeScience signing policy file to accomodate openssl 0.9.7c rendering of emailAddress component in the subject DN * updated DutchGrid CA cert from web site: extended lifetime to 2021 and changed digest algorithm from MD5 to SHA1 * added a tar-ball distribution with a configure scrfipt for convenience * Removed DOESG-Root from the accredited CA list, as per request of of the CA on January 28, 2005. There are no certs left issued by this CA. * Added Grid-FR CA by CNRS, and extended the signing_policy file of the associated CNRS-Projets CA. * A new root certificate for the CyGrid CA (with a new subject name). The old CyGrid CA has been moved to "-old". Both are in the accredited list. The new CRL location has been added. Changes from 0.25 to 0.26 ------------------------- * Added KFKI-RMKI-CA for Hungary * removed Spain-old Changes from 0.24 to 0.25 ------------------------- * Added the new Spain CA with hash 13eab55e and alias: Spain * Rename the Spain CA to Spain-old (expires on 2004-11-12) Changes from 0.23 to 0.24 ------------------------- * Added the Slovenian SiGNET CA with hash 747183a and alias: SiGNET * Added the SEE-GRID CA with hash 468d15b3 and alias: SEE-GRID * Added the Estonian Grid CA, with hash 566bf40f and alias: EstonianGrid * Added the updated LIP CA (called "LIPCA") with hash 11b4a5a2, which will supercede the old one with hash 41380387. The "LIP" one will remain in the repository will the end of 2005. * Added RPM requirements that reflects CA chaining: CNRS-Projects requires CNRS CNRS-DataGrid requires CNRS-Projects DOEGrids requires ESnet Changes from 0.22 to 0.23 ------------------------- * Added the root certificate for the PK-Grid CA, with MD5 fingerprint 24:A0:A7:DD:46:1B:EB:AE:7F:33:CA:5F:FA:D7:37:F8 Changes from 0.21 to 0.22 ------------------------- * A new root certificate for "Russia" (Russian DataGrid CA) has replaced the one that was valid till July 18th, 2004. The old MD5 fingerprint was AE:3D:F5:F2:DD:CF:B0:10:99:7A:6D:74:3C:FB:4A:22, the new one, valid till July 19th, 2009 is: A4:56:E2:01:E6:DB:86:F6:FC:5B:E5:6C:9D:A5:E1:06. The new root cert was received in an S/MIME signed message by Lev Shamardin, signed with a personal cert issued by the old root. The old root cert has been withdrawn from the package entirely. * The BEGrid signing_policy is not resistant against the OpenSSL 0.9.6 to 0.9.7 namechange in the emailAddress DN component. Changes from 0.20 to 0.21 ------------------------- * Added the IUCC and BEGrid root certs