Closed
Bug 542051
Opened 14 years ago
Closed 14 years ago
Add SHA1 versions of "Thawte Server CA" and "Thawte Premium Server CA" roots
Categories
(CA Program :: CA Certificate Root Program, task)
CA Program
CA Certificate Root Program
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: tony_berman, Assigned: kathleen.a.wilson)
Details
(Whiteboard: Information incomplete)
Attachments
(2 files)
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; MS-RTC LM 8; InfoPath.1) Build Identifier: Please include SHA1 versions of the "Thawte Server CA" and "Thawte Premium Server CA". The version of the root currently in the NSS root store uses MD5. We are replacing this with a rehashed version that uses SHA1. The new SHA-1 root has the same name and public key but a different serial number. Reproducible: Always
Reporter | ||
Comment 1•14 years ago
|
||
Reporter | ||
Comment 2•14 years ago
|
||
Comment 3•14 years ago
|
||
assuming that you're a colleague of Jay Schiavo (mentioned in other requests like bug 484903 and bug 409237), I'm moving this to the correct category.
Assignee: nobody → kathleen95014
Status: UNCONFIRMED → NEW
Component: Security → CA Certificates
Ever confirmed: true
Product: Firefox → mozilla.org
QA Contact: firefox → ca-certificates
Version: unspecified → other
Assignee | ||
Comment 4•14 years ago
|
||
Both of these roots are SHA1, 1024-bit. I believe that the purpose of including these roots at this point in time would be to transition off of the equivalent MD5 roots that are currently in NSS. However, it looks like we will be disabling MD5 via an NSS environment variable, so perhaps the certs under those MD5 roots don't need to be migrated to these Sha1 roots? Also note that the root inclusion process takes about a year: https://wiki.mozilla.org/CA:How_to_apply#Timeline So these roots would likely get included after the cutoff date for CAs to stop issuing certs under 1024-bit roots.
Status: NEW → ASSIGNED
Assignee | ||
Updated•14 years ago
|
Whiteboard: Information incomplete
Assignee | ||
Comment 5•14 years ago
|
||
Tony, Can this bug be closed?
Assignee | ||
Comment 6•14 years ago
|
||
We are no longer adding 1024-bit roots.
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → WONTFIX
Updated•7 years ago
|
Product: mozilla.org → NSS
Updated•1 year ago
|
Product: NSS → CA Program
You need to log in
before you can comment on or make changes to this bug.
Description
•