February 2015 batch of root CA changes
Comment on attachment 8563480 [details] [diff] [review] patch v1 Test build using this patch: https://email@example.com/
Thanks Kai! I reviewed the patch, and it is as requested. I also successfully verified the changes in the test build. I've requested that the CAs also test.
"Distrust a pb.com certificate that does not comply with the baseline requirements." Do we need this after the Equifax root removal?
Thinking about it, this was added in bug 966350. In retrospect, IMO we shouldn't have cared about the 1024-bit cert that was directly issued from a 1024-bit root that was going to be removed after 2013 anyway.
And there is nothing unusual about the issue and expiration date either. I think that GeoTrust/RapidSSL definitely sold 5 year certificate even in 2010.
(In reply to Kathleen Wilson from comment #3) > Thanks Kai! > > I reviewed the patch, and it is as requested. I also successfully verified > the changes in the test build. > > I've requested that the CAs also test. The CAs have successfully completed their testing. So, this patch is ready for official code review, etc. Thanks!
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Yuhong Bao, if you think there is need for discussing your questions, I suggest you could post to the mozilla.dev.security.policy list. (This bug is to track action that have already been decided on that list.) Thanks
You need to log in before you can comment on or make changes to this bug.