Trust Store Management Guide (fpki-guides issue, closed)

gsa commented on July 21, 2024
Trust Store Management Guide

from fpki-guides.

Comments (14)

MattKing1 commented on July 21, 2024

The Trust Store Management Guide can be found here.

godadada commented on July 21, 2024

Hi Participants,

I have been assigned this issue. Please let me know the status: open, closed, etc.

Thanks
Chunde

weirdscience commented on July 21, 2024

I do not think it has been totally converted. The trust store management part hasn't been added (e.g. how to trim/modify the Microsoft, Apple, and Mozilla trust stores).

godadada commented on July 21, 2024

Thanks Ken.
I will carry on the conversion.
Any further info is much appreciated: requirements, pointers to contacts who may know more, etc.

lachellel commented on July 21, 2024

Please see a portion of the outline here:

From the document directly:

  • Section 2.1 is dangerous and not recommended (removing all trusted roots)
  • Section 2.2 can be copied from PIV guides and trust stores - no need for screenshots as the location is more important than Windows based steps
  • Section 2.3 same as 2.2 - and we started the information here: https://github.com/GSA/fpki-guides/blob/staging/pages/fpki_crls.md
  • Section 2.4 is in piv-guides (and it's not quite a GPO, which was feedback when the doc was originally published)
  • Section 2.5 has a placeholder in the top link in this issue post
  • Section 2.6 same as Section 2.5

godadada commented on July 21, 2024

Thanks Lachellel.

godadada commented on July 21, 2024

Near-term to-do list for Trust Store Management Guide #9

  1. Conversion to github/md

  2. Trust store management
    How to trim/modify MS, Apple, Mozilla, Adobe trust stores
    Finish “How do I manage a Trust Store?”
    Follow the template done for MS OS

  3. Section 2.1 is dangerous and not recommended (removing all trusted roots)

  4. Section 2.2 can be copied from PIV guides and trust stores - no need for screenshots as the location is more important than Windows based steps

  5. Section 2.3 same as 2.2 - and we started the information here: https://github.com/GSA/fpki-guides/blob/staging/pages/fpki_crls.md

  6. Section 2.4 is in piv-guides (and it's not quite a GPO, which was feedback when the doc was originally published)

  7. Section 2.5 has a placeholder in the top link in this issue post

  8. Section 2.6 same as Section 2.5

lachellel commented on July 21, 2024

@godadada
I just merged #71 from @weirdscience, including additions to trust stores.

wrt

Conversion to github/md

Most has been completed for minimum viable

godadada commented on July 21, 2024

"Trust Store" and "Trust Anchor Store" seem to be the same concept, but the latter is used by IETF RFCs 6024, 5914, and 5934. It also highlights the entry point of trust by using "Anchor". I would suggest we use "Trust Anchor Store" in place of "Trust Store".

Thanks
Chunde

lachellel commented on July 21, 2024

What do normal engineers understand best? [RFC is not a plain language model. Sorry, IETF colleagues!]

I used Trust Store because I found it to appeal to a broader audience: https://piv.idmanagement.gov/piv-guides/networkconfig/trustedroots/

And searches online. 👍

truststore is also Java language (keystore vs truststore)

https doesn't use either and explained the requirements in even broader terms, plain language, focused on an audience: https://https.cio.gov/certificates/

Don't have a strong opinion except that we have 1) consistency and 2) it works for the intended audience

clstmbrly commented on July 21, 2024

Agree that we should use “Trust Store,” since it is accepted by a broader audience. Recommend that because the IETF RFCs use the term, “Trust Anchor Store,” we include a footnote (at first mention of “Trust Store” in the text) that explains: “‘Trust Anchor Store’ is also an industry-accepted term. See RFCs 5914, 5934, and 6024.” If a bibliography will be included in the FPKI Guides, then we should add the full document references for the 3 RFCs.

godadada commented on July 21, 2024

@lachellel

Hey Lachellel,
I do not find the PIV Guide of item 4 of your list above applicable to the Trust Store. Please point out specific content from PIV Guide you want me to copy.
Could you also elaborate "Section 2.6 same as Section 2.5"?

Thanks
Chunde

clstmbrly commented on July 21, 2024

@lachellel @djpackham In "The most common Trust Stores belong to what vendors?" section table, under the Adobe entry, the link given was for www.apple.com (a mistake, I'm pretty sure). @godadada is searching for a correct link. In the meantime, for the Pull Request, I put in this link that I found: https://helpx.adobe.com/acrobat/kb/approved-trust-list2.html.

lachellel commented on July 21, 2024

Closed via #101 and previous PRs.
