Closed Bug 1750787 Opened 3 years ago Closed 3 years ago

Store CRLite issuer enrollment in cert-revocations

Categories

(Core :: Security: PSM, defect, P3)

Tracking

()

RESOLVED FIXED
99 Branch
Tracking Status
firefox98 --- wontfix
firefox99 --- fixed

People

(Reporter: jschanck, Assigned: jschanck)

References

(Blocks 2 open bugs)

Details

Attachments

(1 file)

We read the enrollment of issuers from the intermediates collection in Remote Settings and we read filters from cert-revocations. Since these are two separate operations, we can get into a state where we enroll an intermediate prior to having a filter that covers its certificates. This can lead to mislabelling, so we should defer enrolling intermediates until after we've downloaded the most recent filter.

After reviewing the options, I believe that the space savings afforded by storing enrollment in intermediates cannot justify the risk of mislabellings. We should store the enrollment list in cert-revocations so that updates can be processed atomically. I've updated the title of this bug.

Summary: Defer enrollment of issuers in CRLite until next filter is published → Store CRLite issuer enrollment in cert-revocations
Blocks: 1548030, crlite
Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4000eb2cd181
get CRLite enrollment list from cert-revocations. r=keeler
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 99 Branch
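
The inconsistent state described in this bug, modelled as an added example (not code from Firefox or from the landed patch). `Filter`, `check_split`, `check_atomic` and the issuer names are hypothetical, and a plain set stands in for the real CRLite filter, whose answers are only meaningful for issuers included when it was built.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Filter:
    """Simplified stand-in for one published filter (assumption: a set lookup)."""
    built_for: frozenset   # issuers whose certificates were included at build time
    revoked: frozenset     # (issuer, serial) pairs revoked at build time

    def says_revoked(self, issuer, serial):
        return (issuer, serial) in self.revoked


def check_split(enrolled, flt, issuer, serial):
    """Model of the old design: enrollment and filter arrive via separate syncs."""
    if issuer not in enrolled:
        return "not-covered"   # the filter gives no answer for this issuer
    return "revoked" if flt.says_revoked(issuer, serial) else "good"


def check_atomic(flt, issuer, serial):
    """Model of the fix: the enrollment list is taken from the filter's own record."""
    return check_split(flt.built_for, flt, issuer, serial)


def demo():
    # Constructed sample data: issuer-B was enrolled after old_filter was built.
    old_filter = Filter(frozenset({"issuer-A"}), frozenset({("issuer-A", 7)}))
    new_filter = Filter(frozenset({"issuer-A", "issuer-B"}),
                        frozenset({("issuer-A", 7), ("issuer-B", 42)}))
    enrolled_from_intermediates = {"issuer-A", "issuer-B"}   # synced first
    cert = ("issuer-B", 42)   # revoked, but old_filter knows nothing about it

    before_fix = check_split(enrolled_from_intermediates, old_filter, *cert)
    after_fix = check_atomic(old_filter, *cert)
    once_filter_arrives = check_atomic(new_filter, *cert)
    return before_fix, after_fix, once_filter_arrives


if __name__ == "__main__":
    print(demo())
```

With split state the revoked certificate is labelled good; with enrollment bound to the filter it stays outside coverage until a filter that includes its issuer arrives.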