Draft Version 0.4 publishing #573

Merged
merged 74 commits into from
Feb 26, 2019
74 commits
357d140
Add Infrastructure Cert Type
May 24, 2018
0c6ba5a
minor updates for ocsp certs and infrastructure designation
lachellel Aug 27, 2018
131a9c5
Merge pull request #520 from uspki/Infrastructure-Cert-type
lachellel Aug 27, 2018
b87c7fd
removing enterprise RAs, closes #526
lachellel Aug 27, 2018
36a0448
updates to section 2 for #528 and #506; closes #528; closes #506
lachellel Aug 27, 2018
8f03676
updated subordinate ca names to have a space; closes #509
lachellel Aug 27, 2018
151b878
updated section 1.5.4 for #529
lachellel Aug 30, 2018
0c16881
updated definitions and references; added whois; rearranged rfc refer…
lachellel Aug 30, 2018
d03cfe9
editorial and reference updates for ballot 220; closes issue #522
lachellel Aug 30, 2018
1bf5608
moving revision history; #538
lachellel Sep 4, 2018
6938806
updated certificate profiles for clarity on serial number size and en…
lachellel Sep 4, 2018
cebd736
updated certificate profiles and section 7.1.5 for the mandatory inc…
lachellel Sep 4, 2018
8989ff0
section 3.2.2 updates for #507; countryName required
lachellel Sep 4, 2018
bb8b8be
addition of CAA record changes in 3.2.2.8 and section 4 for #521
lachellel Sep 4, 2018
c7e44c8
removing most CT requirements for #535; CT requirements will be added…
lachellel Sep 4, 2018
04d1f59
fixes #532 updated navigation, updated version number for policy header
lachellel Sep 4, 2018
746e486
added the 0.2 release to background page
lachellel Sep 5, 2018
73cdad5
fixing some formatting in the additions
lachellel Sep 5, 2018
426ef66
updated subordinate ca profile to add the ocsp eku and fixed mistakes…
lachellel Sep 5, 2018
d072cfc
updated ocsp response profile to fix stray shouting shall statement
lachellel Sep 5, 2018
a0b59a3
updated section 1.2 to replace the tbd uri
lachellel Sep 6, 2018
b091a9c
the pdf form of v0_3
lachellel Sep 6, 2018
1af5ea2
fixed formatting in certificate policy, changed config and header to …
lachellel Sep 6, 2018
88b7df7
Merge pull request #540 from uspki/draftRev3
lachellel Sep 6, 2018
b3d2b5e
updated 7.1.5 to restrict DirName to only one #507
lachellel Sep 6, 2018
bf142d2
debs updates
debcooley Sep 25, 2018
dce460c
fewer typos
debcooley Sep 25, 2018
f9d29db
Section 4 edits
debcooley Sep 25, 2018
fe26478
Section 6.5.1 changes
debcooley Sep 27, 2018
a6d83d6
Section 6.6 and 6.7 changes
debcooley Sep 28, 2018
81760e2
Merge pull request #544 from debcooley/patch-2
lachellel Oct 4, 2018
53dc405
Merge pull request #546 from debcooley/patch-4
lachellel Oct 4, 2018
3a1d9e6
updated subordinate ca cert profile for #542
lachellel Oct 4, 2018
419e7d2
updates for oids for #542
lachellel Oct 4, 2018
4ee391f
rearrangement of section 1.2 for issue #542
lachellel Oct 4, 2018
5362d45
updates for ocsp stapling rfc references for #543
lachellel Oct 4, 2018
144e86e
editorial updates for #543
lachellel Oct 4, 2018
93e2232
removing from section 1.2 for #542
lachellel Oct 4, 2018
1572735
Merge pull request #541 from uspki/draftRev3
lachellel Oct 4, 2018
b2086fe
added back in the terms and provisions; accidental delete from previo…
lachellel Oct 4, 2018
3d1a21a
minor tense updates
lachellel Oct 5, 2018
1a9e0a9
Merge pull request #547 from debcooley/patch-5
lachellel Oct 5, 2018
f7d8fb8
Merge pull request #548 from debcooley/patch-6
lachellel Nov 6, 2018
08ce798
Merge pull request #545 from debcooley/patch-3
lachellel Nov 6, 2018
bf44d28
Merge pull request #551 from uspki/draftRev4
lachellel Nov 6, 2018
3c6bb0f
vulnerability scan requirements
debcooley Dec 12, 2018
ff4bdf9
Merge pull request #558 from debcooley/patch-7
lachellel Dec 14, 2018
d6c490d
section 1 updates for crl #556
lachellel Dec 14, 2018
1a9d6d2
section 2 updates for crl #556:
lachellel Dec 14, 2018
9d09383
section 4 updates for crl #556
lachellel Dec 14, 2018
c34c5ad
section 5.7.3 updates for crl #556
lachellel Dec 14, 2018
fcacbdb
server auth cert profile update for clr #556
lachellel Dec 14, 2018
718fda2
section 5.8 update for crl #556
lachellel Dec 14, 2018
0044051
added DR requirements back to section 5.7.1; fixes #555
lachellel Dec 14, 2018
d674d7e
Update README.md
Jan 10, 2019
d9f7b76
Update for SC13
Feb 1, 2019
0ed480f
Update for SC12
Feb 1, 2019
f2f758f
Update for SC12
Feb 1, 2019
79d0841
Update for SC12
Feb 1, 2019
8fa2c0b
Change Must to Shall
Feb 1, 2019
8397ace
Change Must to Shall
Feb 1, 2019
0b47776
Update Revision Table
Feb 1, 2019
3a99b3b
Update for SC14
Feb 1, 2019
f289961
Update for SC06
Feb 1, 2019
6a167e6
Merge pull request #563 from uspki/sc6
Feb 5, 2019
81cfb41
Merge pull request #564 from uspki/sc12
Feb 5, 2019
463451a
Merge branch 'sc14' into sc13
Feb 5, 2019
170f286
Merge pull request #565 from uspki/sc13
Feb 5, 2019
49527a4
Merge branch 'draftRev4' into sc14
Feb 5, 2019
8a39df5
updated for SC06
lachellel Feb 6, 2019
6046840
Merge pull request #566 from uspki/sc14
lachellel Feb 6, 2019
0eeeca8
Update certificate-policy.md
lachellel Feb 6, 2019
337954d
Merge pull request #567 from uspki/draftRev4
lachellel Feb 22, 2019
07d3f45
Merging preview website updates to master (#572)
lachellel Feb 26, 2019
20 changes: 11 additions & 9 deletions 02-policy-page.md
Expand Up @@ -3,24 +3,26 @@ layout: base
permalink: /certificatepolicy/

subnav:
- text: Revision History
href: "#revision-history"
- text: 1. Introduction
href: "#introduction"
href: "#1-introduction"
- text: 2. Publication and Repository Responsibilities
href: "#publication-and-repository-responsibilities"
href: "#2-publication-and-repository-responsibilities"
- text: 3. Identification and Authentication
href: "#identification-and-authentication"
href: "#3-identification-and-authentication"
- text: 4. Certificate Life-Cycle Operational Requirements
href: "#certificate-life-cycle-operational-requirements"
href: "#4-certificate-life-cycle-operational-requirements"
- text: 5. Management, Operational, and Physical Controls
href: "#management-operational-and-physical-controls"
href: "#5-management-operational-and-physical-controls"
- text: 6. Technical Security Controls
href: "#technical-security-controls"
href: "#6-technical-security-controls"
- text: 7. Certificate, CRL, and OCSP Profiles
href: "#certificate-crl-and-ocsp-profiles"
href: "#7-certificate-crl-and-ocsp-profiles"
- text: 8. Compliance Audit and Other Assessments
href: "#compliance-audit-and-other-assessments"
href: "#8-compliance-audit-and-other-assessments"
- text: 9. Other Business and Legal Matters
href: "#other-business-and-legal-matters"
href: "#9-other-business-and-legal-matters"
- text: Appendix A Definitions
href: "#appendix-a-definitions"
- text: Appendix B Acronyms
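Review bot: The nine rewritten hrefs in subnav (`#1-introduction` through `#9-other-business-and-legal-matters`) now assume the section headings render with ids that keep the leading section number, and nothing in this hunk shows the heading side. Please confirm against the built page that each numbered id exists, since a mismatch fails silently and the link just lands at the top of the page. Revision History and the appendices keep unnumbered anchors, so check those in the same pass.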
5 changes: 2 additions & 3 deletions 03-profile-page.md
Expand Up @@ -22,15 +22,15 @@ subnav:

This section specifies the X.509 version 3 certificate profiles, version 2 Certificate Revocation List (CRL) profile, and Online Certificate Status Protocol (OCSP) Response profile for the U.S. Federal Public Trust TLS PKI Certificate Policy. In cases where the profiles and Section 7 of this CP are in conflict, Section 7 takes precedence and is authoritative.

Certificates issued under this policy are categorized as CA Certificates or Subscriber Certificates. This Certificate Policy defines five (5) different types of certificates (See Section 1.1.3) and four associated certificate profiles.
Certificates issued under this policy are categorized as CA Certificates, Subscriber Certificates or Infrastructure Certificates. This Certificate Policy defines five (5) different types of certificates (See Section 1.1.3) and four associated certificate profiles.

| **Category** | **Certificate Type** | **Profile** |
| :-------- | :----------------------- | :----------------------- |
| CA Certificate | Root CA Certificate | Self-Signed Root CA Certificate Profile |
| CA Certificate | Subordinate CA Certificate | Subordinate CA Certificate Profile |
| Subscriber Certificate | Domain Validation TLS Server Authentication Certificates | Server Authentication Certificate Profile |
| Subscriber Certificate | Organization Validation TLS Server Authentication Certificates | Server Authentication Certificate Profile |
| Subscriber Certificate | Delegated OCSP Responder Certificates | Delegated OCSP Responder Certificate Profile |
| Infrastructure Certificate | Delegated OCSP Responder Certificates | Delegated OCSP Responder Certificate Profile |

There are two profiles covering the Certificate Revocation Lists and OCSP Responses.

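Review bot: Moving Delegated OCSP Responder Certificates from the Subscriber to the Infrastructure category in the last table row changes which requirements reach them: any text elsewhere in the CP that is scoped to "Subscriber Certificates" no longer covers OCSP responder certificates. Please check that Section 1.1.3 and Section 7 use the same three categories and that nothing intended for responder certificates is dropped by the recategorization. Minor: the intro sentence writes the type count as "five (5)" but the profile count as plain "four"; pick one style.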
Expand All @@ -46,4 +46,3 @@ There are two profiles covering the Certificate Revocation Lists and OCSP Respon
{% include_relative certificate-profile-OCSP-responder.md %}
{% include_relative crl-profile.md %}
{% include_relative ocsp-response-profile.md %}

2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -37,7 +37,7 @@ Direct changes and line edits to the content may be submitted through a pull req

This repository is for open and transparent public reviews and contributions. The General Services Administration is supporting this effort and maintains the repository for the US Federal Government.

Please contact eric.mill at gsa dot gov or lachelle.levan at gsa dot gov with questions.
Please contact lachelle.levan at gsa dot gov with questions.

### Public domain

6 changes: 3 additions & 3 deletions _config.yml
@@ -1,4 +1,4 @@
title: U.S. Federal Public Trust TLS Certificate Policy (Version 2 Draft)
title: U.S. Federal Public Trust TLS Certificate Policy (Version 0.4 Draft)
small_title: U.S. Federal Public Trust TLS PKI
smallest_title: U.S. Federal Public Trust TLS PKI
description: Certificate Policy for a new public key infrastructure for TLS certificates for public .gov and .mil websites.
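Review bot: The title line hard-codes "Version 0.4 Draft", and the same version is repeated in the report_url filename in this file and in _includes/fpki-document-header.html in this PR. The previous values had already drifted apart ("Version 2 Draft" in the title against "Version 0.2" in the header and v0_2 in the PDF name). Consider a single version key in _config.yml that the title, header and PDF link are built from.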
Expand All @@ -10,10 +10,10 @@ baseurl: ''
branch: policy-pages
# Federalist overwrites the site.branch value when deploying
# the site.branch was used in dynamic link generation for objects including Edit Page
# we want the dynamic links to send users to the staging branch. New site variable to ensure Edit Page sends users to the correct branch for pull requests.
# we want the dynamic links to send users to the the primary editing branch. editbranch is the new site variable to ensure Edit Page sends users to the correct branch for pull requests.
editbranch: master

report_url: "https://devicepki.idmanagement.gov/assets/docs/US_Federal_Public_Trust_TLS_Certificate_Policy_v0_2.pdf"
report_url: "assets/docs/US_Federal_Public_Trust_TLS_Certificate_Policy_v0_4.pdf"

google_analytics_ua:
repo: https://github.com/uspki/policies
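Review bot: report_url is now a site-relative path rather than a URL, so it only works where a template prefixes it with site.baseurl, as header.html does in this PR; any other use of site.report_url would resolve relative to the current page. Consider storing it with a leading slash and linking through Jekyll's relative_url filter, or renaming the key to make clear it holds a path. Also, the rewritten comment reads "to the the primary editing branch"; drop the duplicated "the".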
6 changes: 3 additions & 3 deletions _includes/fpki-document-header.html
Expand Up @@ -5,9 +5,9 @@

## Certificate Policy

**DRAFT FOR FINAL REVIEW**
**DRAFT FOR REVIEW**

**Version 0.2**
**Version 0.4**

**February 1, 2018**
**February 25, 2019**
</div>
4 changes: 2 additions & 2 deletions _includes/header.html
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@

<ul class="usa-button-list usa-unstyled-list">
<li>
<a class="usa-button" target="_blank" href="{{ site.report_url }}">
<a class="usa-button" target="_blank" href="{{ site.baseurl}}/{{site.report_url }}">
Download as a PDF
</a>
</li>
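Review bot: The anchor on the changed line opens in a new tab with target="_blank" but carries no rel attribute; since this line is being edited anyway, add rel="noopener noreferrer" so the opened page gets no window.opener handle back to the policy site. The Liquid spacing is also uneven in `{{ site.baseurl}}/{{site.report_url }}`; `{{ site.baseurl }}/{{ site.report_url }}` would be consistent.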
Expand Down Expand Up @@ -62,7 +62,7 @@

<ul class="usa-button-list usa-unstyled-list">
<li>
<a class="usa-button" target="_blank" href="{{ site.report_url }}">
<a class="usa-button" target="_blank" href="{{ site.baseurl}}/{{site.report_url }}">
Download as a PDF
</a>
</li>
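Review bot: This is the same "Download as a PDF" list item as the one changed at line 20, edited identically a second time. Moving the button into one include would keep the href (and any rel attribute added to it) from drifting between the two copies.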
Binary file not shown.
Binary file not shown.