...

  1. Replace the current signing certificate with a long-lived, self-signed certificate based on the current key pair.
    • Set the new certificate to expire on December 18, 2037.
  2. Deploy a new production metadata aggregate that uses the new self-signed certificate and a SHA2-based signing algorithm (specifically, SHA-256).
  3. Deploy a new fallback metadata aggregate that uses the new self-signed certificate and a SHA1-based signing algorithm (like we do now).
  4. Advise all deployments to migrate to one of the new metadata aggregates ASAP but no later than March 29, 2014.
  5. Replace the current metadata aggregate with a redirect to the fallback metadata aggregate on March 29, 2014.
  6. Sync the fallback metadata aggregate with the production metadata aggregate on June 30, 2014.
  7. Remove the redirect to the fallback metadata aggregate on [date TBD].
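
A deployment can confirm which of the two new aggregates it is consuming by reading the algorithms declared in the aggregate's enveloped XML signature. The following is an added example, not part of the original plan: the function name, the profile labels and the sample document are assumptions made for illustration, and the check reads declared algorithms only (it does not verify the signature or the certificate).

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
# XML-DSig algorithm URIs mapped to the hash function they use.
HASHES = {
    DS + "rsa-sha1": "SHA-1",
    DS + "sha1": "SHA-1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "SHA-256",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA-256",
}

# Constructed sample: a stripped-down aggregate with placeholder digest/signature values.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Name="urn:example:federation">
  <ds:Signature><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI=""><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
</md:EntitiesDescriptor>"""
# Same constructed document, rewritten to declare SHA-1 throughout.
SAMPLE_SHA1 = (SAMPLE.replace("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", DS + "rsa-sha1")
               .replace("http://www.w3.org/2001/04/xmlenc#sha256", DS + "sha1"))

def signing_profile(xml_text):
    """Report the hash algorithms declared in the aggregate's enveloped signature."""
    root = ET.fromstring(xml_text)
    sig = root.find("ds:Signature", NS)  # enveloped signature is a child of the root
    if sig is None:
        return {"profile": "unsigned", "signature": None, "digests": []}
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    uris = [method.get("Algorithm") if method is not None else None]
    uris += [d.get("Algorithm")
             for d in sig.iterfind("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)]
    names = [HASHES.get(u, "unknown") for u in uris]
    if "SHA-1" in names:
        profile = "sha1"      # any SHA-1 use: matches the fallback aggregate
    elif len(names) > 1 and set(names) == {"SHA-256"}:
        profile = "sha256"    # SHA-256 throughout: matches the production aggregate
    else:
        profile = "unknown"   # missing or unrecognised algorithm declarations
    return {"profile": profile, "signature": names[0], "digests": names[1:]}

if __name__ == "__main__":
    print(signing_profile(SAMPLE))
    print(signing_profile(SAMPLE_SHA1))
```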

...