Remove America Online Root Certification Authority 1 and 2 root certificates from NSS

RESOLVED FIXED

Status

NSS
CA Certificates Code
--
enhancement
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: Kathleen Wilson, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: Changes are in NSS 3.17.3, Firefox 36)

(Reporter)

Description

3 years ago
Please remove the following two root certificates from NSS:

CN = America Online Root Certification Authority 1
O = America Online Inc.
SHA-1 Fingerprint: 39:21:C1:15:C1:5D:0E:CA:5C:CB:5B:C4:F0:7D:21:D8:05:0B:56:6A

CN = America Online Root Certification Authority 2
O = America Online Inc.
SHA-1 Fingerprint: 85:B5:FF:67:9B:0C:79:96:1F:C8:6E:44:22:00:46:13:DB:17:92:84


This was noted in AOL's response to the May CA Communication.
https://wiki.mozilla.org/CA:Communications#May_2014_Responses
"* Both roots may be removed after Dec 31, 2014"

I am in email contact with the corresponding Program Manager of Team AOL, and she said they are ready for these root certificates to be removed in Firefox 35.

Updated

3 years ago
Depends on: 1088147

Comment 1

3 years ago
Test builds, which removes the roots, can be found here:
http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/kaie@kuix.de-647a7fdc0b5a/
(Reporter)

Comment 2

3 years ago
I confirmed removal of these two root certificates in the test build.
(Reporter)

Updated

3 years ago
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Whiteboard: Changes are in NSS 3.17.3, Firefox 36

Comment 3

3 years ago
In this comment I'm simply documenting something I've looked up.

I learned these certificates used 2048-bit and 4096-bit keys, so I conclude these removals weren't motivated by phasing out 1024-bit keys.
You need to log in before you can comment on or make changes to this bug.