Closed
Bug 1132496
Opened 10 years ago
Closed 10 years ago
February 2015 batch of root CA changes
Categories
(NSS :: CA Certificates Code, task)
Tracking
(Not tracked)
RESOLVED
FIXED
3.18
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Attachments
(1 file)
(deleted),
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
February 2015 batch of root CA changes
Assignee | ||
Updated•10 years ago
|
Assignee | ||
Comment 1•10 years ago
|
||
Assignee | ||
Comment 2•10 years ago
|
||
Comment on attachment 8563480 [details] [diff] [review]
patch v1
Test build using this patch:
https://ftp-ssl.mozilla.org/pub/mozilla.org/firefox/try-builds/kaie@kuix.de-cb8002df70cc/
Comment 3•10 years ago
|
||
Thanks Kai!
I reviewed the patch, and it is as requested. I also successfully verified the changes in the test build.
I've requested that the CAs also test.
Comment 4•10 years ago
|
||
"Distrust a pb.com certificate that does not comply with the baseline requirements."
Do we need this after the Equifax root removal?
Comment 5•10 years ago
|
||
Thinking about it, this was added in bug 966350. In retrospect, IMO we shouldn't have cared about the 1024-bit cert that was directly issued from a 1024-bit root that was going to be removed after 2013 anyway.
Comment 6•10 years ago
|
||
And there is nothing unusual about the issue and expiration date either. I think that GeoTrust/RapidSSL definitely sold 5 year certificate even in 2010.
Comment 7•10 years ago
|
||
(In reply to Kathleen Wilson from comment #3)
> Thanks Kai!
>
> I reviewed the patch, and it is as requested. I also successfully verified
> the changes in the test build.
>
> I've requested that the CAs also test.
The CAs have successfully completed their testing.
So, this patch is ready for official code review, etc.
Thanks!
Assignee | ||
Updated•10 years ago
|
Attachment #8563480 -
Flags: review?(rrelyea)
Updated•10 years ago
|
Attachment #8563480 -
Flags: review?(rrelyea) → review+
Assignee | ||
Comment 8•10 years ago
|
||
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 9•10 years ago
|
||
Yuhong Bao,
if you think there is need for discussing your questions, I suggest you could post to the mozilla.dev.security.policy list.
(This bug is to track action that have already been decided on that list.)
Thanks
Blocks: 1155279
You need to log in
before you can comment on or make changes to this bug.
Description
•