Merge pull request #531 from uspki/master

push v0.2 to devicepki.idmanagement.gov

02-policy-page.md

@@ -4,24 +4,32 @@ permalink: /certificatepolicy/
 
 subnav:
   - text: 1. Introduction
-    href: "#1-introduction"
+    href: "#introduction"
   - text: 2. Publication and Repository Responsibilities
-    href: "#2-publication-and-repository-responsibilities"
+    href: "#publication-and-repository-responsibilities"
   - text: 3. Identification and Authentication
-    href: "#3-identification-and-authentication"
+    href: "#identification-and-authentication"
   - text: 4. Certificate Life-Cycle Operational Requirements
-    href: "#4-certificate-life-cycle-operational-requirements"
+    href: "#certificate-life-cycle-operational-requirements"
   - text: 5. Management, Operational, and Physical Controls
-    href: "#5-management-operational-and-physical-controls"
+    href: "#management-operational-and-physical-controls"
   - text: 6. Technical Security Controls
-    href: "#6-technical-security-controls"
+    href: "#technical-security-controls"
   - text: 7. Certificate, CRL, and OCSP Profiles
-    href: "#7-certificate-crl-and-ocsp-profiles"
+    href: "#certificate-crl-and-ocsp-profiles"
   - text: 8. Compliance Audit and Other Assessments
-    href: "#8-compliance-audit-and-other-assessments"
+    href: "#compliance-audit-and-other-assessments"
+  - text: 9. Other Business and Legal Matters
+    href: "#other-business-and-legal-matters"
+  - text: Appendix A Definitions
+    href: "#appendix-a-definitions"
+  - text: Appendix B Acronyms
+    href: "#appendix-b-acronyms"
+  - text: Appendix C References
+    href: "#appendix-c-references"
+  - text: Appendix D Certificate Profiles
+    href: "#appendix-d-certificate-profiles"
 ---
 
 {% include fpki-document-header.html %}
-<!-- TODO fix markdown -->
-
 {% include_relative certificate-policy.md %}

03-profile-page.md

@@ -6,36 +6,44 @@ subnav:
   - text: Self-Signed Root CA
     href: "#self-signed-root-ca-certificate-profile"
   - text: Subordinate CA
-    href: "#intermediate-or-subordinate-ca-certificate-profile"
+    href: "#subordinate-ca-certificate-profile"
   - text: Server Authentication
     href: "#server-authentication-certificate-profile"
   - text: Delegated OCSP Responder
     href: "#delegated-ocsp-responder-certificate-profile"
-  - text: OCSP Response Profile
-    href: "#ocsp-response-profile"
   - text: CRL Profile
     href: "#crl-profile"
+  - text: OCSP Response Profile
+    href: "#ocsp-response-profile"
 
 ---
 ## Certificate Profiles
-This section specifies the X.509 version 3 certificate and version 2 certificate revocation list (CRL) profiles for the Federal Public Trust Device PKI Certificate Policy.  In cases where the profiles and Section 7 of the Certificate Policy are in conflict, Section 7 takes precedence and is authoritative.
+{% include alert-info.html content="The certificate profiles are included as Appendix D in the Certificate Policy.  This page directly references Appendix D content." %}
+
+This section specifies the X.509 version 3 certificate profiles, version 2 Certificate Revocation List (CRL) profile, and Online Certificate Status Protocol (OCSP) Response profile for the U.S. Federal Public Trust TLS PKI Certificate Policy.  In cases where the profiles and Section 7 of this CP are in conflict, Section 7 takes precedence and is authoritative.
 
-Four certificate profiles covered by this Certificate Policy are defined.  
+Certificates issued under this policy are categorized as CA Certificates or Subscriber Certificates.  This Certificate Policy defines five (5) different types of certificates (See Section 1.1.3) and four associated certificate profiles.  
 
-- [Self-Signed Root CA Certificate Profile](#self-signed-root-ca-certificate-profile)
-- [Intermediate or Subordinate CA Certificate Profile](#intermediate-or-subordinate-ca-certificate-profile)
-- [Server Authentication Certificate Profile](#server-authentication-certificate-profile)
-- [Delegated OCSP Responder Certificate Profile](#delegated-ocsp-responder-certificate-profile)
+| **Category** | **Certificate Type**  | **Profile**  |
+| :-------- | :----------------------- | :----------------------- |
+| CA Certificate | Root CA Certificate | Self-Signed Root CA Certificate Profile |  
+| CA Certificate | Subordinate CA Certificate | Subordinate CA Certificate Profile |
+| Subscriber Certificate | Domain Validation TLS Server Authentication Certificates |  Server Authentication Certificate Profile |
+| Subscriber Certificate | Organization Validation TLS Server Authentication Certificates |  Server Authentication Certificate Profile |
+| Subscriber Certificate | Delegated OCSP Responder Certificates |  Delegated OCSP Responder Certificate Profile |
 
-In addition, there are two profiles covering the OCSP _Responses_ and the Certificate Revocation Lists.
+There are two profiles covering the Certificate Revocation Lists and OCSP Responses.
+
+| **Type** | **Profile**  |
+| :-------- | :----------------------- |
+| Certificate Revocation Lists |  CRL Profile |
+| Online Certificate Status Protocol (OCSP) Responses | OCSP Response Profile |
 
-- [OCSP Response Profile](#ocsp-response-profile)
-- [CRL Profile](#crl-profile)
 
 {% include_relative certificate-profile-root-CA.md %}  
 {% include_relative certificate-profile-subordinate-CA.md %}  
 {% include_relative certificate-profile-server-authentication.md %}  
 {% include_relative certificate-profile-OCSP-responder.md %}  
-
-{% include_relative ocsp-response-profile.md %}  
 {% include_relative crl-profile.md %}
+{% include_relative ocsp-response-profile.md %}  
+

_config.yml

@@ -1,7 +1,7 @@
-title: Federal Public Trust Device PKI Certificate Policy (Draft)
-small_title: Federal Public Trust Device PKI
-smallest_title: Federal Public Trust Device PKI
-description: Certificate Policy for a proposed new device public key infrastructure for the public trust of DotGov and DotMil websites.
+title: U.S. Federal Public Trust TLS Certificate Policy (Version 2 Draft)
+small_title: U.S. Federal Public Trust TLS PKI
+smallest_title: U.S. Federal Public Trust TLS PKI
+description: Certificate Policy for a new public key infrastructure for TLS certificates for public .gov and .mil websites.
 email: [email protected]
 author:
     name: FICAM
@@ -13,7 +13,7 @@ branch: policy-pages
 # we want the dynamic links to send users to the staging branch.  New site variable to ensure Edit Page sends users to the correct branch for pull requests.
 editbranch: master
 
-report_url: "https://devicepki.idmanagement.gov/assets/docs/Federal_Public_Trust_Device_PKI_Certificate_Policy_Draft_v0_1_September2017.pdf"
+report_url: "https://devicepki.idmanagement.gov/assets/docs/US_Federal_Public_Trust_TLS_Certificate_Policy_v0_2.pdf"
 
 google_analytics_ua:
 repo: https://github.com/uspki/policies

_data/navigation.yml

@@ -2,28 +2,20 @@
 primary:
   - text: "Background"
     href: /
-  - text: "Request For Comment"
-    href: /requestcomment/
   - text: "Certificate Policy"
     href: /certificatepolicy/
   - text: "Certificate Profiles"
     href: /certificateprofiles/
-
+  - text: "Submit Comments"
+    href: /comment/
 
 mobile:
   - text: "Background"
     href: /
-  - text: "Request For Comment"
-    href: /requestcomment/
   - text: "Certificate Policy"
     href: /certificatepolicy/
   - text: "Certificate Profiles"
     href: /certificateprofiles/
+  - text: "Submit Comments"
+    href: /comment/
 
-secondary:
-  - text: "IDmanagement.gov"
-    href: https://www.idmanagement.gov
-  - text: "Federal ICAM Architecture"
-    href: https://arch.idmanagement.gov
-  - text: "Federal PKI Guides"
-    href: https://fpki.idmanagement.gov

_includes/fpki-document-header.html

@@ -1,13 +1,13 @@
 <div class="text-right" markdown="1">
 ![](/assets/img/fpkipa.png)
 
-## Federal Public Trust Device
+## U.S. Federal Public Trust TLS PKI
 
 ## Certificate Policy
 
-**DRAFT**
+**DRAFT FOR FINAL REVIEW**
 
-**Version 0.1**
+**Version 0.2**
 
-**September 2017**
+**February 1, 2018**
 </div>