Closed Bug 1419427 Opened 7 years ago Closed 2 years ago

OneCRL: Distrust CAs based on issued certs' NotBefore dates

Categories

(Core :: Security: PSM, enhancement, P2)

Product:
Core
Component:
Security: PSM
Type:
enhancement

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1465613
Milestone:
Future
Tracking Flags:
Tracking Status
firefox59 --- affected

People

(Reporter: jcj, Unassigned)

Details

It would be helpful, when winding down a PKI, to be able to distrust a CA's actions after a certain date (as measured by the NotBefore validity field).

For example, if the "Honest Achmed's Used Cars and Certificates" CA was being disabled after 1 January 2018, an end entity issued via that hierarchy to Iskender with a notBefore date of 21 November 2017 would be trusted normally, while a certificate issued to his cousin's friend Emin with a notBefore date of February 2018 would be distrusted.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.