Download as PDF
Article
You will no doubt have already received advisories about vulnerabilities in the 1.0.1-series of OpenSSL[1] affecting TLS enabled services via the heartbeat extension.
The advice for Moonshot is very similar to an advisory you may have received from eduroam[2].
While there are no indications that CVE-2014-0160[3] is being actively exploited via TLS-based EAP-mechanisms or RADIUS/TLS (aka RadSec) at this time, the software used by Moonshot *is* vulnerable to a "heartbleed" attack.
Article
Those of you who have been following Moonshot for a while will be aware that from the outset we have been keen to get the technology adopted as a standard. Thanks to the hard work of the Application Bridging for Federated Access Beyond web (ABFAB) Working Group of the IETF, December saw an important milestone with the publication of three Moonshot-related RFC documents:
RFC 7055
Title: A GSS-API Mechanism for the Extensible Authentication Protocol
Author: Author: S. Hartman, Ed., J. Howlett
Article
General enquiries
The Project Manager is John Chapman. Please feel free to get in touch if you have any questions or require further information.
Getting started
Article
Since 2010, Janet, working with partners in GÉANT, has been developing Moonshot Technology to provide authentication to non-web services and systems. Moonshot Technology is now at a level where it is being tested in multiple organisations across many different countries and there is a desire to formally develop and pilot a pan-European service within eduGAIN in GN3plus.
Article
In issue 21 of Janet News, published in June 2013, Dr Rhys Smith describes the technologies used in Moonshot and outlines the steps that take place when an application uses Moonshot for authentication.
Article
Last night Sam Hartman from Painless Security published a code update to ensure Moonshot is in line with the the latest IETF specs.
In particular:
Article
*** Note: the current release is Moonshot Pilot Release 1 DVD. See https://community.ja.net/groups/moonshot/article/moonshot-pilot-release-... for more details ***
Article
As we ramp up towards the Janet Pilot we are aiming to provide incremental DVD releases. The latest release is Moonshot Pilot Release 1 DVD which can be found at:
http://psec.s3.amazonaws.com/moonshot-images/2013.03.07.iso
And the corresponding .source directory.
This image includes a few bug fixes. The most notable is that the installer is fixed and you can now just boot into the image and install to a running system.
Article
Over the summer we have been busy procuring the development and support services required to take Moonshot forwards to a Service Pilot.
Following an OJEU procurement, I am pleased to announce that last month Painless Security was awarded a contract to provide Janet with a Moonshot code development, maintenance and support service for 2 years with an option to extend for a further 2 years.
Article
Prev | Next