inc-ops-notifications - [InCommon NOTICE] InCommon metadata now available over TLS

Subject: InCommon Operations Notifications

  • From: Nick Roy <>
  • To: "" <>
  • Subject: [InCommon NOTICE] InCommon metadata now available over TLS
  • Date: Wed, 31 Jan 2018 22:35:01 +0000

Hello,

InCommon metadata is now available over TLS (https://). More info is
available on the Metadata Aggregates [1] wiki page. You may recall that
I recently said we would never publish metadata over TLS [2]. That blog
post caused several people to come forward and make a case for the
ability to download metadata over TLS. In some cases, the reasons for
this involve data center firewall policies for outbound traffic. In any
case, we *strongly* encourage those that can download metadata via
plaintext and then verify the signature on the metadata per [3] to
continue to do so. TLS is not a sufficient security measure to ensure
that metadata, which carries the public keys that the federation trust
relies upon, is not tampered with. Only verifying the signature on the
metadata each time it is downloaded achieves the required level of trust.

Best Regards,

Nick Roy
Director of Technology and Strategy, InCommon / Internet2 Trust and
Identity Services

[1] https://spaces.internet2.edu/display/InCFederation/Metadata+Aggregates

[2] https://www.internet2.edu/blogs/detail/14522

[3] https://spaces.internet2.edu/display/InCFederation/Metadata+Consumption

