An open discussion list for topics related to the eduGAIN interfederation service.

[Tomasz Wolniewicz <twoln AT umk.pl>]

Hi everyone,
  as I have already announced, we will be changing the certificate in 
the MDS metadata.
Since the current test feeds seem to work fine for everyone, we are 
ready do do the final switch.
We will make the substitution on Wednesday 9th of July around 9:00 CET 
(7:00 UTC).

The new certificate is listed on 
https://www.edugain.org/technical/cert.php but I want to point out that 
this cert is based on the same public key as the previous one, therefore 
we are not introducing changes to the existing trust between eduGAIN and 
the participating federations.

After the switch, the following production feeds will be provided by 
eduGAIN:

http://mds.edugain.org/feed-sha256.xml
     this should be the primary choice. This is a static file refreshed 
and resigned every 10 minutes and served by Apache. Its download is much 
faster as it does not involve any metadata generation.

http://mds.edugain.org/
http://mds-beta.edugain.org/
Are two direct feeds from our two MDS instances.

I'm ashamed to admit, that my TCS certificate has just expired and I 
have not yet received a new one, therefore this mail goes unsigned.

Tomasz


W dniu 2014-07-02 22:58, Tomasz Wolniewicz pisze:
> Hi,
>     as I have announced earlier today, we are in the process of reissuing
> the signing cert for MDS.
> The new certificate uses the same key pair as the old one.
>
> We are now supplying the following feeds:
>
> http://mds.edugain.org/
> - direct output from the main MDS, signed with the old certificate
>
> http://mds-beta.edugain.org/
> - direct output from  MDS -beta, signed with the new certificate
>
>
> http://mds.edugain.org/feed-sha256.xml
>   - static file based on the output from MDS-beta, resigned using SHA-256
> and the old certificate
>
> http://mds.edugain.org/feed-2014-sha256.xml
>   - static file based on the output from MDS-beta, resigned using SHA-256
> and the new certificate
>
> All files should essentially be in sync, except for times when upstream
> data feeds change, when you can expect some convergence delay.
>
> We would like to change the certificate on production feeds next
> Wednesday (9.07.2014). I will send another message on Monday.
>
> Cheers
> Tomasz

--
Tomasz Wolniewicz
          twoln AT umk.pl        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576