Skip to content

fix fpki faq on certificates page #253

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
konklone merged 2 commits into from
Aug 31, 2018
Merged

fix fpki faq on certificates page #253

konklone merged 2 commits into from
Aug 31, 2018

Conversation

@lachellel
Copy link
Contributor

@lachellel lachellel commented Aug 31, 2018

#252

  • Updated links to point to fpki.idmanagement.gov pages
  • Updated for the closure of the mozilla application
  • minor nit: there are non-USG operated publicly trusted root CAs that still create valid paths in some trust stores to federal pki issued certs. Whether this is desirable or intentional is not addressed.

@konklone

@lachellel
fix fpki faq on certificates page
1f3cd59 
changed the links to point to fpki.idmanagement.gov pages
updated to show that the mozilla application has been closed
minor nit:  there are non-USG operated publicly trusted root CAs that still create valid paths in some trust stores to federal pki issued certs.  whether this is desirable or intentional is not addressed.
konklone
konklone reviewed Aug 31, 2018
View reviewed changes
pages/certificates.md Outdated
The [Federal PKI](https://fpki.idmanagement.gov) root is trusted by some browsers and operating systems, but is not contained in the [Mozilla Trusted Root Program](https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/). The Mozilla Trusted Root Program is used by Firefox, many Android devices, and a variety of other devices and operating systems. This means that the Federal PKI is not able to issue certificates for use in TLS/HTTPS that are trusted widely enough to secure a web service used by the general public.

The Federal PKI has an [open application](https://bugzilla.mozilla.org/show_bug.cgi?id=478418) to the Mozilla Trusted Root Program. However, even if the Federal PKI's application is accepted, it will take a significant amount of time for the Federal PKI's root certificate to actually be shipped onto devices and propagate widely around the world.
The Federal PKI and Mozilla have [closed the application](https://bugzilla.mozilla.org/show_bug.cgi?id=478418) to include the Federal PKI root in the Mozilla Trusted Root Program.
Copy link
Contributor

@konklone konklone Aug 31, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we could actually just delete the paragraph altogether.

@konklone
Copy link
Contributor

konklone commented Aug 31, 2018

@lachellel I removed the Mozilla paragraph altogether, since I don't think we need to acknowledge a closed bug now. Thank you for doing this!

@konklone konklone merged commit 5369d23 into GSA:master Aug 31, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@konklone konklone konklone left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lachellel @konklone