[log in to unmask]" type="cite"> On Tue, 29 Sep 2009, Roberts A.L. wrote:
"Isn't all trust based on monetary transactions?"
No. I usually only trust people or organisations that don't create
problems and needless support headaches. Unfortunately in this instance
my trust has been misplaced.
Just how much money is being saved by this change anyway? Who should we
bill for all the time and effort expended as a result of yet another
enforced change without adequate consultation.
To be fair, if it makes the current process any easier (which it promises
to do), then that's no bad thing. Also, I have been advised that the new
system will properly support subjectAltname certificates, which will make
life easier in particular for some people running Windows services that
require them (e.g., Exchange 2007).
The annoying part is that the chance are a lot of certificates will be
re-done in a short amount of time. Which means when they come up for
renewal 1 or 3 years later, that will likely be a lot of certificates that
need to be done in a short amount of time again. Of course, in their
natural lifespan, they would be largely spread through the year, which
makes it more manageable. And of course we will also have to update local
documentation, scripts and procedures which is tedious.
Caleb's comment that Globalsign are saying something different to JANET is
interesting. Maybe Caleb could get back to them and ask them to
explicitly verify or refute that particular part of what JTAG have said.
Jethro.
AL
Mr. Alexander Roberts
Web Development Officer
Library and Information Services
Swansea University/Prifysgol Abertawe
http://www.swan.ac.uk/lis
+44 (0)1792 513239
-----Original Message-----
From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Nicole HARRIS
Sent: 29 September 2009 09:54
To: [log in to unmask]
Subject: Re: GlobalSign vs Comodo
Not to worry all, my team will be working with JANET to monitor people as they move across to Comodo and will relentlessly chase anyone who hasn't updated to the new service in the meantime. We are good at relentless!
Best piece of advice I can give you is to make sure your technical contact details are up to date for both the uk federation and the scs service. These changes normally go wrong because things sit in people's inboxes and get ignored.
Isn't all trust based on monetary transactions? "I promise to pay the bearer..." :) I just wish the new supplier didn't constantly remind me of toilets....
--------------------------
Sent using BlackBerry
----- Original Message -----
From: Discussion list for Shibboleth developments <[log in to unmask]>
To: [log in to unmask] <[log in to unmask]>
Sent: Tue Sep 29 09:35:32 2009
Subject: Re: GlobalSign vs Comodo
Customers must be aware that under the present GlobalSign contract
all current and valid certificates will be revoked by GlobalSign wef
9 April 2010, and not at the end of their natural lifespan
that's what I read - amazing to think that because money is not
changing hands, the trust is no longer valid. There's a word for that...
Alistair
--
mov eax,1
mov ebx,0
int 80h
On 29 Sep 2009, at 09:29, Williams, John wrote:
Apparently all certificates will expire in April 2010:
From: JTAG: SCS/UKFed [mailto:[log in to unmask]]
Sent: 28 September 2009 14:10
To: JTAG: SCS/UKFed
Subject: JANET Server Certificate Service UPDATE
Hello,
As a current member of our Server Certificate Service we would like
to make you aware of some forthcoming changes to the service.
JANET(UK) has signed up to a new TERENA contract for server
certificates to be provided by Comodo, which will go live before the
end of this year, with notification of the exact date to be sent to
all current registrants once confirmed. Our existing contract for
server certificates issued by GlobalSign (through TERENA) will
expire in January 2010. All existing customers of our Server
Certificate Service will be invited to sign up for the new service
in readiness for the system going live.
Once the new certificate service is in place and you have registered
to use the service, your organisation's authorised persons will be
given access to an online account. A significant benefit will be
the ability for customers to approve or deny their own certificates
without the need to print, sign and return them individually to
JANET(UK) for processing.
All aspects of validating individual certificate requests will be
fully automated, thus improving the turnaround time for all
certificate requests. Authorised persons will also be able to
retrieve any / all certificates associated with their organisation
and perform revocation functions directly. JANET(UK) will continue
to absorb the cost of providing the certificates under this new
system, so there will continue to be no onward charging to
organisations.
Customers must be aware that under the present GlobalSign contract
all current and valid certificates will be revoked by GlobalSign wef
9 April 2010, and not at the end of their natural lifespan. However
we would like to assure you that we are still open for business and
will continue to issue certificates, and are in the process of
developing a transition plan to make the crossover to the new
service as smooth and easy as possible for organisations.
If you should have any queries as a result of these changes please
direct them to [log in to unmask] in the first instance.
Best wishes,
Shirley Wood
--
This communication is intended solely for the addressee The message
should not be forwarded to any third party without the agreement of
the sender.
--
John Williams
ISA
Aston University
-----Original Message-----
From: Discussion list for Shibboleth developments [mailto:[log in to unmask]
] On Behalf Of caleb racey
Sent: 29 September 2009 09:19
To: [log in to unmask]
Subject: Re: GlobalSign vs Comodo
It's all Chinese whispers but one of my colleagues asked for
clarification from glaobalsign and got the reply
" As requested I would like to confirm that GlobalSign will not
revoke any of your existing certificates. "
So they are stopping issuing new certs but old certs should be valid
until they naturally expire.
-----Original Message-----
From: Discussion list for Shibboleth developments [mailto:JISC-
[log in to unmask]] On Behalf Of Alistair Young
Sent: 29 September 2009 08:03
To: [log in to unmask]
Subject: GlobalSign vs Comodo
just a wee q about certs in the fed. I've just heard JANET are moving
to Comodo and all certs issued under the existing scheme with
GobalSign will be revoked next April, no matter what their expiration
date is. Will Comodo certs work ok in the federation?
thanks,
Alistair
--
mov eax,1
mov ebx,0
int 80h
. . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK