Since we use ACES certificates for sending healthcare information in a way that 
mimimizes MITM, I was surprised to read the following.

"The Federal PKI has cross-certified other agencies and commercial CAs, which 
means their certificates will be trusted by clients that trust the Federal PKI. 
However, none of these roots are publicly trusted. Even when a publicly trusted 
commercial CA is cross-certified with the Federal PKI, they maintain complete 
separation between their publicly trusted certificates and their Federal PKI 
cross-certified certificates.

As a result, there is not currently a viable way to obtain an individual 
certificate for use in TLS/HTTPS that is issued or trusted by the Federal PKI, 
and also trusted by the general public."

Source CIO Council

The new ACES CP dated Jan 17 2017 does not assure public use of the ACES root. 

dev-security-policy mailing list

Reply via email to