Closed Bug 1007986 Opened 10 years ago Closed 10 years ago

Remove 1024 bit roots from mozilla pin list

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

RESOLVED FIXED
mozilla32

People

(Reporter: cviecco, Assigned: cviecco)

Attachments

(1 file, 1 obsolete file)

Currently the mozilla pin list contains 7 pins that are 1024 bit. We should remove these from our pinning set.
Assignee: nobody → cviecco
Attached patch remove-1024-roots-from-pinset (obsolete)
Attachment #8419794 - Flags: review?(mmc)
I talked with keeler; he agreed that you can r+ this one (once you think it is ok)
Flags: needinfo?(mmc)
Comment on attachment 8419794
remove-1024-roots-from-pinset

Review of attachment 8419794:
-----------------------------------------------------------------

::: security/manager/tools/PreloadedHPKPins.json
@@ +33,5 @@
>        // In that same bug we also notice that our cdn sites use Verisign and
>        // Baltimore
>        "name": "mozilla",
>        "static_spki_hashes": [
> +        // 1024 bit "GTE CyberTrust Global Root",
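
Review bot: the entry named on the `+` line in `static_spki_hashes` ("GTE CyberTrust Global Root") narrows the set of roots the "mozilla" pinset accepts, and nothing visible here records that the hosts on this pinset were checked against what remains. The context comment just above says the CDN sites use Verisign and Baltimore, so please confirm each pinned host still chains to at least one root left in the list and note that check in the commit message or the bug.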

Can you just remove these? I don't think they add much being in the comments. You can instead just add a single comment that says this list omits 1024-bit certificates.
Comment on attachment 8419794
remove-1024-roots-from-pinset

Review of attachment 8419794:
-----------------------------------------------------------------

Please fix before checking in.
Attachment #8419794 - Flags: review?(mmc) → review+
Flags: needinfo?(mmc)
keeping r+ from mmc
Attachment #8419794 - Attachment is obsolete: true
Attachment #8420228 - Flags: review+
https://hg.mozilla.org/mozilla-central/rev/03d54c37d264
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
OS: Linux → All
Hardware: x86_64 → All
Aren't we going to remove 1024 bit roots from our root store soon anyway?