[EAS] Sage Required Update
Sean Donelan
sean at donelan.com
Tue Oct 8 10:09:26 CDT 2019
On Tue, 8 Oct 2019, Mike McCarthy wrote:
> That leaves 30 days (as of this morning) for the entire pool of 3644 users
> to update their boxes in order to maintain IPAWS connectivity if the Nov.
> 8 date is to be enforced.
That's one of those "how many angels can dance on the head of a pin"
federal public-key infrastructure questions.
I checked the Federal PKI website this morning, and it indicates the new
Federal Bridge CA 2019 will be issued toward the end of October.
https://fpki.idmanagement.gov/notifications/
Whether this impacts IPAWS depends on which CAs IPAWS has used as well as
how various CAP/EAS vendors implement digital signature checking. One of
the age-old debates in the PKI-world is if the expiration of an
intermediate CA certificate change the validity of certificates signed by
that CA.
Some argue that things signed during the valid period are still valid,
others argue that signatures are invalid if any certificate in the chain
is expired when checked.
More information about the EAS
mailing list