Comments (4)
Would it be useful to include a table of the different trust stores (i.e. Microsoft, Apple, NSS, Java, etc.) that includes a brief description of each, as well as other resourceful links, the status of Common root cert for each trust store, and any other relevant info related to Trust Stores and FPKI?
from fpki-guides.
Yes, IMO.
The Trust Store guide is very explicit to only one trust store, and doesn't address all or even why.
- the "GPO" section isn't a GPO
- suggesting to remove all other trust anchors can cause failures to boot; only suggest for specific purposes and outline what those are
👎 - piv-guides, specific to trust stores for some network items right now: https://github.com/GSA/piv-guides/blob/staging/_networkconfig/3_managingtrustroots.md
This item:
> This process will have to be conducted every time a new certificate is issued by a FPKI CA.
- How do I do this? How do I know when something has changed? Who tells me? Do I get an alert? Do I check a webpage? Do I perform a query? How often should I check?
For this item:
> A better method is to set your system to conduct dynamic path validation or use a SCVP service.
- If I do dynamic, are all my workstations or servers going to download files? From where? How big is this?
All items above would be additional to consider. Minimum first IMO.
from fpki-guides.
Sorry, computer died mid pull. They are the same.
from fpki-guides.
The trust store part has been addressed. Is this ready to close? It seems there are three different issues here. This also addresses some of #9.
- Information on Trust Stores and Common Policy
- How to conduct trust store management to trust FPKI certificates
- How to establish dynamic path validation (one issuer per type of platform)
Should this all be integrated with the PIV guide or vice versa? FPKI as the main guide with a section specific to PIV?
from fpki-guides.