Index of /distribution/igtf

[ICO]NameLast modifiedSizeDescription

[PARENTDIR]Parent Directory  -  
[DIR]current/2017-10-02 10:42 -  
[DIR]current-new/2017-10-02 10:42 -  
[DIR]Outdated/2015-11-28 16:06 -  
[TXT]LICENSE2010-10-12 09:48 2.0K 
[DIR]1.86/2017-10-02 10:42 -  
[TXT]1.86-is-current2017-10-09 10:03 0  
[DIR]1.85/2017-07-24 09:23 -  
[DIR]1.84/2017-06-20 12:54 -  
[DIR]1.83/2017-05-25 10:25 -  
[DIR]1.82/2017-03-25 10:00 -  
[DIR]1.81/2017-02-17 19:45 -  
[DIR]1.80/2017-01-25 10:58 -  
[DIR]1.79/2016-11-21 08:26 -  
[DIR]1.78/2016-10-05 08:25 -  
[DIR]1.77/2016-09-23 10:16 -  
[DIR]1.76/2016-07-23 11:37 -  
[DIR]1.75/2016-06-20 10:59 -  
[DIR]1.74/2016-05-11 15:30 -  
[DIR]1.73/2016-03-21 08:34 -  
[DIR]1.72/2016-02-22 13:33 -  
[DIR]1.71/2016-01-18 13:54 -  
[DIR]1.70/2015-11-25 10:12 -  
[DIR]1.69/2015-10-19 21:09 -  
[DIR]1.68/2015-09-28 10:16 -  
[DIR]1.67/2015-08-31 13:02 -  
[DIR]1.65/2015-06-22 11:43 -  
[DIR]1.64/2015-05-25 09:41 -  
[DIR]1.63/2015-03-24 08:38 -  
[DIR]1.62/2015-02-18 10:01 -  
[DIR]1.61/2014-11-25 14:54 -  
[DIR]1.60/2014-10-17 20:54 -  

==============================================================================
Welcome to the Trust Anchor Distribution of the                    v20091026-1
International Grid Trust Federation IGTF
==============================================================================

The  International Grid Trust Federation  (IGTF)  maintains  a list  of  trust
anchors, root certificates and related meta-information for all the accredited
authorities,  i.e.,  those that meet or exceed  the criteria  mentioned in the 
Authentication Profiles accepted by the IGTF.    For a list of those profiles,
please refer to the web site http://www.igtf/net/

This site contains the  Common IGTF Distribution,  including the certificates,
certificate revocation list (CRL) locations, contact information,  and signing 
policies. The Distribution  is periodically updated to  reflect changes in the
trust fabric,  and Relying Parties of the IGTF are advised to keep the list of
installed trust anchors up to date.
Changes to the trust fabric are announced via the constituent PMAs and via the
EUGridPMA Newsletter.  This newsletter carries  IGTF information intended  for
relying parties.   For information about the newsletter  and how to subscribe,
refer to the EUGridPMA web site at https://www.eugridpma.org/


------------------------------------------------------------------------------
What is contained in the IGTF Trust Anchor Distribution
------------------------------------------------------------------------------

*** All Accredited Authority trust anchors are contained below the 
    "accredited/" folder in the distribution web site. That is, ONLY data
    retrieved from 
      https://dist.eugridpma.info/distribution/current/accredited/
    and further down the tree is guaranteed to be related solely to accredited
    authorities.

*** The Policy Installation Bundle at the top-level directory can be used
    to support a conventional "./configure && make install" style installation
    but users MUST be aware that the --with-profile option is mandatory, and
    it allows installation of experimental or worthless authorities when so
    instructed by the installer.

*** ONLY CAs IN THE "accredited/" DIRECTORY and THE CAs INSTALLED 
    USING THE ca_policy_igtf-classic-<VERSION>-1.noarch.rpm ARE ACCREDITED

    Do *not* install certificates from the "worthless/" or "experimental/",
    directories, except if you yourself review and accept their policy and 
    practice statement. The EUGridPMA provides these certificates in 
    this format for your convenience only, and to allow graceful changeover 
    for legacy installations.

*** All individual CAs packages, as well as the bundles, have the same 
    (common) version number and release.

------------------------------------------------------------------------------
Distribution formats
------------------------------------------------------------------------------

* the distribution containes RPMs and tar-balls of each accredited authority,
  as well as meta-RPMs that depends on the RPMs of those accredited.

* the tar "bundle" can be used to install the authorities in a local trust
  anchor directory using the "./configure && make install" process:
    igtf-policy-installation-bundle-<VERSION>.tar.gz

* the accredited directory contains tar-balls for all "classic", "mics", 
  and "slcs" accredited CAs:
    igtf-preinstalled-bundle-classic-<VERSION>.tar.gz
    igtf-preinstalled-bundle-slcs-<VERSION>.tar.gz
    igtf-preinstalled-bundle-mics-<VERSION>.tar.gz
  also a symbolic link without the <VERSION> identifier is available.

* those CAs whose key-length is less than or equal to 2048 bits are also
  available in a Java KeyStore (JKS), whose password is "" (empty string).
  These is both a JKS for each individual CA, as well as a 
  "igtf-policy-accredited-classic-<VERSION>.jks" in the "accredited/jks/"
  sub-directory (also for -slcs and -mics).

------------------------------------------------------------------------------
APT and Yum
------------------------------------------------------------------------------
The repository is suitable for "yum" based automatic updates, by adding to 
the yum.conf file or to the /etc/yum.repos.d/ directory a file containing:

  [eugridpma]
  name=EUGridPMA
  baseurl=http://dist.eugridpma.info/distribution/igtf/current/
  gpgcheck=1
  gpgkey=https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3

or the equivalent baseurl for the APGridPMA hosted mirror site at
  http://www.apgridpma.org/distribution/igtf/current/

Also "apt" is supported for RPM installation. For details, see
  https://dist.eugridpma.info/distribution/igtf/current/apt/README.txt

Large deployment projects are kindly requested to mirror these directories
in their own distribution repositories.


------------------------------------------------------------------------------
RPM GPG signing
------------------------------------------------------------------------------
This RPM distributions are distributed with GPG-signed RPMs. The key (with
ID 3CDBBC71) has been uploaded to the public key servers, along with the
signature of the EUGridPMA Chair (keyID 6F318418). The key is also contained 
in the repository.  You will need this key if you enable GPG checking for 
automatic updates in "yum" or "apt".

Please remember to validate this distribution against the TERENA TACAR
trusted repository (https://www.tacar.org/) where possible.