RFC proxy and SHA-2 signature support in WLCG middleware
Introduction
IGTF would like CAs to move from SHA-1 to SHA-2 signatures ASAP,
to anticipate concerns about the long-term safety of the former.
For WLCG this originally implied using RFC proxies instead of the
Globus legacy proxies in use today, but that constraint has been
avoided since Jan 2013:
The latest IGTF timeline aims to allow SHA-2 certificates to be introduced
by
Dec 1, 2013. See the
minutes
of the Sep 19 WLCG Operations Coordination meeting.
EGI and EMI have assessed per product which version is supposed to be
ready for SHA-2 certificates:
EGI will pursue the uptake of the required versions in the EGI infrastructure
and OSG will do the same for their products in their infrastructure.
The LHC experiments are asked to check their own services and clients explicitly: