IGTF RAT

The International Grid Trust Federation (IGTF) Risk Assessment Team (RAT) is responsible for assessing risk and setting time and deadlines for response and action for concerns and vulnerabilities. All IGTF members are welcome to join the IGTF RAT.

Email address: igtf-rat@eugridpma.org (administered by operations@eugridpma.org)

Encrypted email list (for internal use): igtf-rat@sels-igtf.ncsa.uiuc.edu (administered by jbasney@ncsa.uiuc.edu)

Members:

• APGridPMA: Yoshio Tanaka (PGP), Jinny Chien, Eric Yen
• EUGridPMA: Jens Jensen (chairperson), Willy Weisz (PGP, X.509), David Groep (PGP, X.509), Sajjad Asghar
• TAGPMA: Jim Basney (PGP, X.509), Vinod Rebello, Jim Marsteller (PGP), Doug Olson (PGP, X.509, X.509)

Note: This page is publicly accessible via http://tagpma.es.net/wiki/bin/view/IGTF-RAT. Use https://tagpma.es.net/wiki/bin/view/IGTF-RAT to edit.

News

• 08 Jan 2009: No threat to IGTF PKI from OpenSSL DSA/ECDSA issue CVE-2008-5077
• 02 Jan 2009: Impact of December 30th MD5 collision vulnerability on the IGTF
• 23 May 2008: Impact of the Debian OpenSSL vulnerablity on the IGTF

Work

• 2009-02 - Verify contact information
• 2009-01 - IGTF RAT Audit: (EC)DSA, MD5, and weak keys
• 20080813 - Test of communications channels with IGTF CA operators

Tasks

• Respond to concerns and vulnerabilities raised by IGTF members and relying parties, by assessing risk and setting time and deadlines for response and action from the IGTF membership. This may include contacting individual CA operators and posting advisories to the igtf-general email list as needed.
• Perform periodic audits of member CA contact addresses and other issues.
• Periodically report to the IGTF membership on RAT activities (i.e., newsletter posts to the igtf-general email list and presentations at TAGPMA, EUGridPMA, APGridPMA, and IGTF All Hands meetings).
• Maintain active RAT membership, including multiple representatives from each regional PMA (TAGPMA, EUGridPMA, APGridPMA) and keep the igtf-rat email list(s) and twiki pages up-to-date.

Procedures

The IGTF RAT operates by consensus. To react quickly and effectively, the group must have the ability to quickly reach consensus. We take the Apache Voting Process as a guide. Specifically, consensus is reached if there are three positive votes and no negative votes. Any official action requires that we reach consensus in this manner.

The IGTF RAT contacts CA operators via the email address in the .info file of the IGTF distribution. IGTF members are expected to monitor this address. The RAT expects responses from IGTF members within one business day. The RAT conducts tests of the CA email addresses twice per year.

To contact all IGTF CA operators, take the latest IGTF distribution and run

grep -h "email =" *.info | cut -c 9- | sort -u | perl -n -e '{ chomp; print "$_, " }' | sed 's/, $//g'

to get a list of addresses. Note the use of BCC or subjects including "please reply" is discouraged because it causes messages to be bounced or marked as spam.

For very urgent issues, the IGTF RAT may also post to igtf-general:

  IGTF CA operators:

  The IGTF RAT sent an urgent message to your registered email address.
  Please check your email and respond promptly.
  Contact igtf-rat@eugridpma.org if you did not receive the message.

Response procedure proposed at the TAGPMA F2F meeting in La Plata, Argentina is shown at the right.

Contact Information

IGTF Information (info@gridpma.org)

IGTF General (igtf-general@gridpma.org)

• IGTF member discussions

APGridPMA Members (members@apgridpma.org)

• APGridPMA member discussions

EUGridPMA Announcements (announce@eugridpma.org)

• http://mailman.eugridpma.org/cgi-bin/listinfo/eugridpma-announce

EUGridPMA Concerns (concerns@eugridpma.org)

• public reporting address for concerns regarding the EUGridPMA
• forwarded to European RAT members

EUGridPMA Suspension Review Core Team (suspension-review@eugridpma.org)

• expert and policy core team to assess CA suspension before a plenary call (to set timelines therefor)
• members: Dave Kelsey, Ursula Epting, Jan Jona Javorcek, David Groep

EUGridPMA Operations (operations@eugridpma.org)

• DNS and email aliases, mailing list administration, web site repair
• members: Anders Waananen, David Groep

EUGridPMA General (dg-eur-ca@services.cnrs.fr)

• EUGridPMA member discussions

TAGPMA General (tagpma-general@tagpma.org)

• TAGPMA member discussions
• http://www.tagpma.org/mailing_lists/tagpma-general

TAGPMA Private (tagpma-private@psc.edu)

• For private discussions between select members of the TAGPMA organization. All communications should be considered private and not disclosed to outside parties. Example uses of this list include: Incident Response, sensitive CA status information, etc.
• https://lists.psc.edu/mailman/listinfo/tagpma-private

TAGPMA Concerns (concerns@tagpma.org)

• public reporting address for concerns regarding the TAGPMA
• RAT_Procedure.pdf: Initial RAT Response Procedure

to top