- Create a new self-signed signing certificate set to expire on December 18, 2037: [DONE]
- On December 18, 2013, deploy three new metadata aggregates: [DONE]
- A new production metadata aggregate that uses the new self-signed certificate and a SHA-2 digest algorithm (specifically, SHA-256):
- A new fallback metadata aggregate that uses the new self-signed certificate and the SHA-1 digest algorithm (like we do now):
- A new preview metadata aggregate that is aliased to the production metadata aggregate:
- Advise all deployments to migrate to one of the new metadata aggregates ASAP but no later than March 29, 2014. [DONE]
- Create discussion list metadata-support@incommon email@example.com. [DONE]
- Replace the current metadata aggregate with a redirect to the fallback metadata aggregate on March 29, 2014. [DONE]
- Retire the following resources on March 29, 2014:
- Sync the fallback metadata aggregate with the production metadata aggregate on June 30, 2014. [DONE]
- Remove the redirect to the fallback metadata aggregate on [date TBD].
If you have questions or problems regarding this transition, please post them to metadata-support@firstname.lastname@example.org.