md-distro - Re: [md-distro] Minutes : 11 July 2013
Subject: Metadata Distribution Subcommittee of TAC
List archive
- From: Tom Scavo <>
- To:
- Subject: Re: [md-distro] Minutes : 11 July 2013
- Date: Fri, 12 Jul 2013 07:21:31 -0400
On Thu, Jul 11, 2013 at 2:01 PM, John Krienke
<>
wrote:
> 11 July 2013
>
> MINUTES
> ----------------------
>
> ... in 2009, we moved as a
> participant community to self-signed certificates in metadata (although a
> few InCommon-issued certificates long-expired still exist in metadata
> today).
I'll take it as an action item to obtain precise information about
InC-issued certificates in metadata.
> Most of our recommendations are documented on the MD
> consumption pages: https://spaces.internet2.edu/x/JwQjAQ
Recommendation: Site Administrators bootstrap trust by obtaining the
signing certificate in the FM.
> eduGain: Uses a self-signed cert to sign their MD. Online signing. Don't
> know about their security implementation (HSM, etc).
Recalling the discussion, the above "facts" are mostly speculation.
Maybe someone will take an action item to obtain authoritative answers
to these questions?
> 10 years is how long we've been using the current key.
I'll take an action item to obtain a precise answer to this question.
Tom
- [md-distro] Minutes : 11 July 2013, John Krienke, 07/11/2013
- Re: [md-distro] Minutes : 11 July 2013, Tom Scavo, 07/12/2013
- Re: [md-distro] Minutes : 11 July 2013, Ian Young, 07/13/2013
- Re: [md-distro] Minutes : 11 July 2013, Ian Young, 07/30/2013
- Re: [md-distro] Minutes : 11 July 2013, Tom Scavo, 07/12/2013
Archive powered by MHonArc 2.6.16.