Open
Bug 1221033
Opened 9 years ago
Updated 2 years ago
Make expiry non-overrideable for short-lived certificates
Categories
(Core :: Security: PSM, defect, P3)
Core
Security: PSM
Tracking
()
NEW
People
(Reporter: gerv, Unassigned)
Details
(Whiteboard: [psm-backlog])
If a certificate is short-lived according to the definition in bug 1141189, I suggest it would be an improvement to make it so that revocation is non-overrideable. "Revocation" for a short-lived certificate means letting it expire, and so we should treat expiry and revocation the same. Sites which opt in to using short-lived certs should know that rotating their certs in a timely fashion is important. We may want to gate this on bugs which allow Firefox to have a better idea of what time it really is (as opposed to looking at the system clock, which can be wrong.) Gerv
Whiteboard: [psm-backlog]
This is probably blocked on us having a better idea of what time it is, independent of the user's system clock.
Priority: -- → P3
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•