European Grid Infrastructure EGI Trust Anchor release 1.128 2024.06.24 ------------------------------------------------------------------------------ For release DOCUMENTATION available on this EGI Trust Anchor release see the EGI operations manual HOWTO-01 at https://edu.nl/envyq ------------------------------------------------------------------------------ This is the EGI Trust Anchor release, based on the updated IGTF Accredited CA distribution version 1.129-1 with the specific DOGWOOD CA in meta-package "ca-policy-egi-combined-adequacy-model-1.129-1" that supports the model of joint assurance provision as detailed in the EGI Policy on Acceptable Authentication Assurance. The following notices are republished from the IGTF, inasfar as pertinent to this release. Details are found in the newsletter https://www.eugridpma.org/ Changes from 1.128 to 1.129 --------------------------- (24 June 2024) * updated CRL URL location for MREN CA (ME) * removed discontinued TSU-GE GRENA CA (GE) * removed suspended BYGCA (BY) * removed discontinued LIP CA (PT) * removed obsolete DT transitional CAs (AE) IMPORTANT NOTICE: In the future releases we will move to a NEW RSA-2048 GPG PACKAGE SIGNING key. The new public key file, GPG-KEY-EUGridPMA-RPM-4, is distributed with this and subsequent releases. You can retrieve the new public key file from https://dl.igtf.net/distribution/GPG-KEY-EUGridPMA-RPM-4 Ensure this key is installed now as a trusted key for package signing! The CA modifications encoded in both "requires" and "obsoletes" clauses (RPM) and Conflicts/Replaced clauses (Debian) have been incorporated in the above- mentioned meta-packages. This release is best enjoyed with fetch-crl v3 or better, available from GNU/Linux OS add-on repositories Fedora, EPEL, Debian, and from the IGTF at https://www.igtf.net/fetch-crl Policy on Acceptable Authentication Assurance --------------------------------------------- If a Community or e-Infrastructure registration service is accredited by EGI to meet the approved authentication assurance level, also an IGTF "DOGWOOD" accredited Authority, used in combination with such a service, is sufficient. HOWTO01, https://edu.nl/envyq#combined-assuranceadequacy-model has the details. TECHNICALLY THIS MEANS ... that you must ONLY install the new ca-policy-egi-cam packages if you ALSO at the same time implement VO-specific authorization controls in your software stack. This may require reconfiguration or a software update. OTHERWISE just ONLY install or update the regular ca-policy-egi-core package. There are no changes in this case. The ca-policy-egi-core package is approved for all VOs membership and assurance models. No configuration change is needed. Version information: ca-policy-egi-combined-adequacy-model = 1.129-1