[Go to /]
Contact us


One Statement Policies


Technical Info
CA Distribution download
Subject Locator
Find your local CA
About your certificate

Newsletter issues
Service notices

Tools download and fetch-crl
Technical documentation
IGTF OID Registry
SHA-2 timeline

Abingdon, UK, Oct 4-5, 2023
Amsterdam, May 22-23, 2023

Intranet and Reviews (closed)

EUGridPMA Technical Documents

  • Namespace constraints file format and semantics (Adobe PDF) (MS Word)

    This document describes the format and parsing rules for the namespaces file as shipped with the EUGridPMA and IGTF distributions of the accredited authorities. It augments the existing signing_policy scheme for relying-party defined name constraints on the valid subject identifiers from trusted identity providers.

    This document describes the specific expression of this namespace constraints policy as a policy file stored in a file system, and on the processing and interpretation semantics of the policy file by compliant software implementations.

    Related links:

  • EACL signing_policy file format

    This document describes the signing_policy file format used by the Globus Toolkit "OLD-GAA" API to restrict the subject signing namespace.

    Note that due to implementation limitations in all Globus Toolkit versions, the EUGridPMA and IGTF only use positive rights EACL rules.

  • OID for Proxy Delegation Tracing

    This document defines the OID allocation from the IGTF used for experimental proxy certificate delegation tracing. It assigns OID arc 1.2.840.113612. for the use of identifying attributes in RFC 3820 proxy certificates that facilitate the tracing of delegations in a proxy certificate chain.

  • HASHRAT SHA-1 Hash Function Risk Assessment

    The most-commonly used hash algorithm in IGTF PKI implemention today is SHA-1, which is however increasingly vulnerable to attacks and its continued use may soon start posing a threat to the IGTF PKI. However, moving to a more modern hash like SHA-2 (or soon SHA-3) has operational consequences for the e-Infrastructure relying on the IGTF PKI in that not all software implementations can currently work with SHA-2. In this document we assess the risk to attacks on SHA-1 with respect to the integrity of the trust fabric and the impact of moving to SHA-2 at a given point in time on the operational infrastructure

  • Registration Practice Statement

    The RPS outlines the procedures that the community members of the Registration Authority follow to comply with the Profile. A Registration Authority (RA) responsible for the verification prior to the issuance of credentials issued under the Policy.

Comments to David Groep. This site is hosted at Nikhef, subject to the privacy policy.