edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Hi,

could someone help with this question:

What is the basis for validator warnings about expired signing/encryption
certificates found in metadata?

It is mentioned in BCP as a low significance condition:

https://wiki.geant.org/display/eduGAIN/Best+Current+Practice

It is also mentioned in SAML2 MetaIOP §2.5.1: "it is RECOMMENDED that
certificates be unexpired" (yet preceded by an explicit statement that this
does not matter).

https://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-iop.pdf

The former is referenced by eduGAIN SAML Profile §4:

https://github.com/REFEDS/SAML-Profile/blob/master/edugain-saml-profile.md#4-saml-metadata-signing

Is there anything else I am missing?

Cheers,
Z.

[eduGAIN-discuss] reference for expired certificate warning, Zenon Mousmoulas, 11/19/2019
- Re: [eduGAIN-discuss] reference for expired certificate warning, Peter Schober, 19-Nov-2019
  - Re: [eduGAIN-discuss] reference for expired certificate warning, Tomasz Wolniewicz, 19-Nov-2019
    - Re: [eduGAIN-discuss] reference for expired certificate warning, Peter Schober, 19-Nov-2019
  - Re: [eduGAIN-discuss] reference for expired certificate warning, Zenon Mousmoulas, 19-Nov-2019
    - Re: [eduGAIN-discuss] reference for expired certificate warning, Peter Schober, 19-Nov-2019
      - Sv: [eduGAIN-discuss] reference for expired certificate warning, Pål Axelsson, 19-Nov-2019
        
        Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 19-Nov-2019
        
        Re: [eduGAIN-discuss] reference for expired certificate warning, Nick Roy, 19-Nov-2019
        
        Re: [eduGAIN-discuss] reference for expired certificate warning, Peter Schober, 20-Nov-2019
        Re: [eduGAIN-discuss] reference for expired certificate warning, Leif Johansson, 20-Nov-2019