Closed
Bug 1419427
Opened 7 years ago
Closed 2 years ago
OneCRL: Distrust CAs based on issued certs' NotBefore dates
Categories
(Core :: Security: PSM, enhancement, P2)
Core
Security: PSM
Tracking
()
RESOLVED
DUPLICATE
of bug 1465613
Future
Tracking | Status | |
---|---|---|
firefox59 | --- | affected |
People
(Reporter: jcj, Unassigned)
Details
It would be helpful, when winding down a PKI, to be able to distrust a CA's actions after a certain date (as measured by the NotBefore validity field). For example, if the "Honest Achmed's Used Cars and Certificates" CA was being disabled after 1 January 2018, an end entity issued via that hierarchy to Iskender with a notBefore date of 21 November 2017 would be trusted normally, while a certificate issued to his cousin's friend Emin with a notBefore date of February 2018 would be distrusted.
Updated•2 years ago
|
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•