SHA-2 testing
Simone Campana, IT/SDC, 04/06/2013
IT-SDC: Support for Distributed Computing

Introduction

  • WLCG credentials (proxies) are today based on SHA-1 encryption
  • Getting a bit weak from the security perspective
  • We (WLCG) agreed to move to SHA-2 proxies
  • We need to test if our services can accept clients with a SHA-2 proxy

IT-SDC ADC Weekly – Simone Campana, 21 May 2013

Infrastructure

  • An infrastructure has been set up for the testing
  • https://twiki.cern.ch/twiki/bin/view/LCG/SHA2readinessTesting
  • In brief:
      • A Certification Authority at CERN has been set up to provide SHA-2 certificates
      • A VOMS server at CERN can extend them with the VOMS attributes
      • A UI at CERN provides an environment with the latest clients for testing

How does it work

  • For each ATLAS service which authenticates through X509:
      • Install the CA RPM (it is like any other CA RPM we have on central services)
      • Install the new VOMS RPM (same as the production VOMS RPM)
  • We then test the most common use cases
      • Normally “query” and “insert/update”
      • Both CLI, API and WEB UI (whatever exists)
  • I have successfully tested AGIS for SHA-2 compliance
      • With the help of AGIS devs
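A pre-flight check for the test procedure above, as an added example that is not from the original slides: it reads a proxy bundle and reports whether each certificate in it carries a SHA-1 or a SHA-2 signature, so a test run is known to use a SHA-2 credential. The function names and the sample bundle are constructed for illustration, and the proxy file is assumed to be a PEM bundle of certificates plus a private key.

```python
import base64
import re

# Signature-algorithm OIDs mapped to (name, hash family).
SIG_OIDS = {
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "SHA-1"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "SHA-2"),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", "SHA-2"),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", "SHA-2"),
}
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def cert_sig_oid(der):
    """Dotted OID of Certificate.signatureAlgorithm, the field after tbsCertificate."""
    _, start, _ = read_tlv(der, 0)            # outer Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, start)      # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)  # AlgorithmIdentifier SEQUENCE
    tag, lo, hi = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    arcs, val = [der[lo] // 40, der[lo] % 40], 0
    for b in der[lo + 1:hi]:                  # base-128 arcs, high bit = continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def audit_proxy(pem_text):
    """(name, family) per certificate in the bundle, in file order; key blocks are ignored."""
    oids = (cert_sig_oid(base64.b64decode(b)) for b in PEM_CERT.findall(pem_text))
    return [SIG_OIDS.get(oid, (oid, "unknown")) for oid in oids]

def skeleton_pem(oid_hex):
    """Constructed sample: certificate-shaped DER with empty tbsCertificate and signature."""
    alg = b"\x30\x0d\x06\x09" + bytes.fromhex(oid_hex) + b"\x05\x00"
    body = b"\x30\x00" + alg + b"\x03\x01\x00"
    der = b"\x30" + bytes([len(body)]) + body
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()

# Constructed bundle: a SHA-256-signed proxy certificate followed by a SHA-1-signed issuer.
SAMPLE_PROXY = skeleton_pem("2a864886f70d01010b") + skeleton_pem("2a864886f70d010105")

if __name__ == "__main__":
    for name, family in audit_proxy(SAMPLE_PROXY):
        print(f"{family:8} {name}")
```

Pass the text of a real proxy file to `audit_proxy` to see the hash family for each certificate in its chain.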

What do I need

  • The CA RPM and the VOMS RPM to be installed in all central services
  • Will not break anything, but please play safe
  • Each service responsible to provide the most important test cases
  • I know what to do for Panda and DDM
  • I need help for Task Definition, AMI, DaTRI
  • No need to test Hammercloud
  • Did I forget something?
  • The sooner we do this, the better