Closed
Bug 1007986
Opened 10 years ago
Closed 10 years ago
Remove 1024 bit roots from mozilla pin list
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla32
People
(Reporter: cviecco, Assigned: cviecco)
Details
Attachments
(1 file, 1 obsolete file)
8.18 KB,
patch
|
cviecco
:
review+
|
Details | Diff | Splinter Review |
Currently the mozilla pin list contains 7 pins that are 1024 bit. We should remove these from our pinning set.
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → cviecco
Assignee | ||
Comment 1•10 years ago
|
||
Assignee | ||
Updated•10 years ago
|
Attachment #8419794 -
Flags: review?(mmc)
Assignee | ||
Comment 2•10 years ago
|
||
I talked with keeler, he agreed that you can r+ this one (once you think is ok)
Flags: needinfo?(mmc)
Comment 3•10 years ago
|
||
Comment on attachment 8419794 [details] [diff] [review] remove-1024-roots-from-pinset Review of attachment 8419794 [details] [diff] [review]: ----------------------------------------------------------------- ::: security/manager/tools/PreloadedHPKPins.json @@ +33,5 @@ > // In that same bug we also notice that our cdn sites use Verisign and > // Baltimore > "name": "mozilla", > "static_spki_hashes": [ > + // 1024 bit "GTE CyberTrust Global Root", Can you just remove these? I don't think they add much being in the comments. You can instead just add a single comment that says this list omits 1024-bit certificates.
Comment 4•10 years ago
|
||
Comment on attachment 8419794 [details] [diff] [review] remove-1024-roots-from-pinset Review of attachment 8419794 [details] [diff] [review]: ----------------------------------------------------------------- Please fix before checking in.
Attachment #8419794 -
Flags: review?(mmc) → review+
Updated•10 years ago
|
Flags: needinfo?(mmc)
Assignee | ||
Comment 5•10 years ago
|
||
keeping r+ from mmc
Attachment #8419794 -
Attachment is obsolete: true
Attachment #8420228 -
Flags: review+
Assignee | ||
Comment 6•10 years ago
|
||
https://tbpl.mozilla.org/?tree=Try&rev=228849d14426
Comment 7•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/03d54c37d264
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
Updated•10 years ago
|
OS: Linux → All
Hardware: x86_64 → All
Comment 8•10 years ago
|
||
Aren't we going to remove 1024 bit roots from our root store soon anyway?
You need to log in
before you can comment on or make changes to this bug.
Description
•