Download as PDF
Article
You will no doubt have already received advisories about vulnerabilities in the 1.0.1-series of OpenSSL[1] affecting TLS enabled services via the heartbeat extension.
The advice for Moonshot is very similar to an advisory you may have received from eduroam[2].
While there are no indications that CVE-2014-0160[3] is being actively exploited via TLS-based EAP-mechanisms or RADIUS/TLS (aka RadSec) at this time, the software used by Moonshot *is* vulnerable to a "heartbleed" attack.
Article
Those of you who have been following Moonshot for a while will be aware that from the outset we have been keen to get the technology adopted as a standard. Thanks to the hard work of the Application Bridging for Federated Access Beyond web (ABFAB) Working Group of the IETF, December saw an important milestone with the publication of three Moonshot-related RFC documents:
RFC 7055
Title: A GSS-API Mechanism for the Extensible Authentication Protocol
Author: Author: S. Hartman, Ed., J. Howlett
Article
General enquiries
The Project Manager is John Chapman. Please feel free to get in touch if you have any questions or require further information.
Getting started
Article
Since 2010, Janet, working with partners in GÉANT, has been developing Moonshot Technology to provide authentication to non-web services and systems. Moonshot Technology is now at a level where it is being tested in multiple organisations across many different countries and there is a desire to formally develop and pilot a pan-European service within eduGAIN in GN3plus.
Article
The Moonshot code is available in a GIT repository; see gitweb for the main Moonshot code or all projects
To check out the Moonshot repository on your own system, execute:
git clone http://www.project-moonshot.org/git/moonshot.git cd moonshot git submodule init git submodule update
Article
On 14th March 2013 Sam and Margaret from Painless Security hosted a Bar BOF meeting at IETF 86 to begin the process that will hopefully lead to the standardisation of Trust Router.
Article
** Note - this article refers to an old release. Trust Router v1.0 can be found via https://community.ja.net/groups/moonshot/article/trust-router-v10-now-available **
Be one of the first people in the world to run your very own trust router!
Article
As announced at moonshot-community@jiscmail.ac.uk Trust Router 1.0 was officially released (and tagged in the git repository) this week.
The following features have been added since the beta release:
Article
Last night Sam Hartman from Painless Security published a code update to ensure Moonshot is in line with the the latest IETF specs.
In particular:
Article
As we ramp up towards the Janet Pilot we are aiming to provide incremental DVD releases. The latest release is Moonshot Pilot Release 1 DVD which can be found at:
http://psec.s3.amazonaws.com/moonshot-images/2013.03.07.iso
And the corresponding .source directory.
This image includes a few bug fixes. The most notable is that the installer is fixed and you can now just boot into the image and install to a running system.
Prev | Next