What I really don't understand is why we would fail - our server
certificates are valid against the old (weak) CA trust chain, or the
new one. So the puzzle is not why we pass, but why others fail.
However, if Jens and Mingchao are also confused then at least I am in
good company...
g
On Mon, May 19, 2008 at 7:15 PM, Ma, M (Mingchao) <[log in to unmask]> wrote:
> I do not understand either, grid service should not be affected at all. 73?
> It seems quite a lot :-( , but we are not alone.
>
> Cheers,
>
> Mingchao
>
>
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes
>> [mailto:[log in to unmask]] On Behalf Of Jensen, J (Jens)
>> Sent: Monday, May 19, 2008 6:48 PM
>> To: [log in to unmask]
>> Subject: Re: New LCG CA release 1.21: breaks site
>>
>> Ma, M (Mingchao) wrote:
>> > It has been confirmed that SAM tests have updated the CA
>> certificates
>> > by
>> > 2008-05-19 11:57. Sites still failed SAM tests after upgraded?
>> > OSCT-DC will
>> > follow the standard procedure to verify the release of new CA
>> > distribution.
>>
>> Thanks, Mingchao. This is indeed puzzling - why aren't sites
>> that haven't upgraded failing? Why do sites that upgrade fail?
>>
>> Incidentally, my test of EE certs finished this minute, and
>> it has found certificates with dodgy keys. Out of 11605
>> certificates (as of 14 May which was when I fetched the
>> certs), it has found 73 vulnerable keys.
>>
>> --jens
>>
>
|