
Date: March 8th 2022 10:00-12:00am CET
Location: SUNET Office Stockholm
Participants (in presence): Nicole Harris (GEANT), Leif Johansson (SUNET), Björn Mattson (SUNET), Pål Axelsson (SUNET), Davide Vaghetti (GARR)
Participants (remote): Marco Malavolti, Eisaku Sakane, Tomasz Wolniewicz, Mark Williams, Pensri A., Dariusz Janny (PSNC), Maarten Kremers, Maja Górecka-Wolniewicz, Dubravko Penezic (SRCE) (dpenezic), Stephen Lovell (GÉANT), Thomas Bärecke, Alex Stuart, Martin Stanislav, Niels van Dijk, alan buxey, Leonardo Marino, Barbara Monticini, Zbigniew Ołtuszyk (PSNC), Ian Galpin, Donald Coetzee, Jule Ziegler, Valeriu Vraciu (UAIC), Daniel Kouřil, Thijs Kinkhorst, Takeshi Nishimura (GakuNin), TENET Boardroom, Massimiliano Adamo, Thomas Nilsson, Macías José Manuel, Renato Furter, Warda Al Habsi (OMREN), Saeed Khademi, Salu Upadhyay, Halil Adem, Fredrik Domeij, Gheorghita BUTNARU, Björn Mattsson, Mario Di Lorenzo, Guy Halse, Laura Pirelli, Lewisham West & Penge CLP, Eilia Etminan, Takeshi Nishimura (NII)

Recording: https://www.youtube.com/embed/59csB3jiOeQ

PlayBook

Key data

| Key type | Key Subject | Key Duration |
|---|---|---|
| RSA 4096 bits | O=GEANT, CN=eduGAIN RSA Signer CA 2022 | 20 Years |
| ECC 384 bits | O=GEANT, CN=eduGAIN ECC Signer CA 2022 | 20 Years |

Key generation

  1. Prepare the key storage computer for use.
  2. Connect and verify the RNG.
  3. Use the RNG to create and set a static password in the two YubiKeys.
  4. Generate RSA 4096-bit and ECC 384-bit keypairs, encrypted using the YubiKey in static mode.
  5. Decrypt the RSA private key using the YubiKey in static mode; the decrypted key is temporarily stored in /dev/shm.
  6. Issue a self-signed certificate using the keypair.
  7. Copy the keys to two USB sticks.
  8. Generate SHA-1 and SHA-256 fingerprints of the certificate.
  9. Copy the RSA certificate to a USB stick and send it to the eduGAIN OT.
  10. Shut down the key storage computer.
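
A rehearsal of steps 4 to 6 and 8 for a test machine, as an added example that is not part of the original playbook. OpenSSL, the function name `rehearse_keygen`, the output file names and the passphrase file (a stand-in for the YubiKey static password) are assumptions; the playbook does not name the tool that was used.

```shell
#!/bin/sh
# Added example: rehearsal of playbook steps 4-6 and 8. OpenSSL is an assumed tool.
# usage: rehearse_keygen <outdir> <passfile>
#   <passfile> holds a constructed stand-in for the YubiKey static password.
rehearse_keygen() {
    out=$1; pass=$2
    umask 077    # every file created below is readable by the owner only

    # Step 4: generate both keypairs; only passphrase-encrypted PKCS#8 reaches disk.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 \
        -aes-256-cbc -pass "file:$pass" -out "$out/rsa.key.enc" || return 1
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-384 \
        -aes-256-cbc -pass "file:$pass" -out "$out/ecc.key.enc" || return 1

    # Step 5: the cleartext RSA key exists only on RAM-backed /dev/shm.
    shm=/dev/shm
    # Fallback exists only so the rehearsal runs on hosts without /dev/shm.
    { [ -d "$shm" ] && [ -w "$shm" ]; } || shm=${TMPDIR:-/tmp}
    CLEAR_KEY=$(mktemp "$shm/signer.XXXXXX") || return 1

    # Step 6: self-signed certificate; subject taken from the Key data table,
    # 20 years = 7305 days when counted from 2022.
    if openssl pkey -in "$out/rsa.key.enc" -passin "file:$pass" -out "$CLEAR_KEY" &&
       openssl req -new -x509 -key "$CLEAR_KEY" -sha256 -days 7305 \
           -subj "/O=GEANT/CN=eduGAIN RSA Signer CA 2022" -out "$out/rsa.crt"
    then rc=0; else rc=1; fi
    rm -f "$CLEAR_KEY"    # remove the cleartext key on success and on failure
    [ "$rc" -eq 0 ] || return 1

    # Step 8: SHA-1 and SHA-256 fingerprints of the certificate.
    openssl x509 -in "$out/rsa.crt" -noout -fingerprint -sha1   >  "$out/rsa.fpr" &&
    openssl x509 -in "$out/rsa.crt" -noout -fingerprint -sha256 >> "$out/rsa.fpr"
}
```

The two fingerprints land in `rsa.fpr`, so whoever receives the certificate in step 9 can recompute them with `openssl x509 -fingerprint` and compare.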
