Ian G wrote: > > http://www.gcn.com/vol1_no1/daily-updates/31412-1.html > > 12/22/04 > > OMB mandates agency use of approved PKI providers > > By Jason Miller > GCN Staff > > The Office of Management and Budget is requiring agencies to use one of > three approved shared-service providers for public-key infrastructure > and electronic-signature services. > > These three service providers-the Agriculture Department's National > Finance Center, Verisign Inc. of Mountain View, Calif., and Betrusted > U.S. Inc. of New York-meet the level-four certification outlined in > OMB's December 2003 memo (See GCN story.
[remaining details snipped] Verisign and Betrusted both have WebTrust seals. Therefore, they meet the proposed policy for having their root certificates included in the Mozilla database. Regarding the Agriculture Department's National Finance Center (USDA NFC), I see the following at their Web site: "NFC�s CA was certified and accredited through an extensive 18-month evaluation process with Klynvel Peat Marwick Goerdeler (KPMG)." This might indeed satisfy section 5.2 of the proposed policy (per the newest revisions). KPMG claims to be authorized to conduct WebTrust audits and thus satisfies section 5.3 of the proposed policy (without my suggested expansion). The USDA NFC subscriber base (those who obtain site and individual certificates signed by the NFC root certificate) is limited government agencies and contractors of those agencies. Thus, I'm not sure the USDA NFC would meet section 4.1 of the proposed policy. However, I know that some Web pages of federal agencies are secure and thus use site certificates. For example, the FTC's page for filing a complaint about violations of the "Do Not Call" registry has a certificate issued by Verisign. I don't know if the new OMB mandate will steer some agencies to the USDA NFC. -- David E. Ross <http://www.rossde.com/> I use Mozilla as my Web browser because I want a browser that complies with Web standards. See <http://www.mozilla.org/>. _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
