md-distro - [md-distro] Phase 1 deployment strategy
Subject: Metadata Distribution Subcommittee of TAC
- From: Tom Scavo <>
- To:
- Subject: [md-distro] Phase 1 deployment strategy
- Date: Wed, 16 Oct 2013 11:14:05 -0400

Dean and I met earlier this week to discuss possible next steps with
respect to the Phase 1 communication plan. We concluded that we need
to deploy a new metadata aggregate *first*, before we send an
announcement to site administrators, otherwise we won't be able to
provide them with an immediate mitigating action and therefore the
communication will just be cause for alarm without providing a
possible path forward. I'd be interested in hearing if folks agree
with this conclusion.

Assuming we do deploy a new metadata aggregate in conjunction with a
new self-signed signing certificate, the next question is whether or
not that new aggregate should also be signed using a SHA2-based
algorithm. If we do, that will complicate the transition to the new
metadata aggregate. If we don't, then users will end up migrating
twice. The latter seems to take precedence, so I'd be inclined to
deploy *one* aggregate with both features.

Bottom line: Deploy a new metadata aggregate (at a new endpoint
location) that uses a self-signed signing certificate and a SHA2-based
signing algorithm.

Comments?

Thanks,
Tom