February 2015 batch of root CA changes

RESOLVED FIXED in 3.18

Status

RESOLVED FIXED
4 years ago
a year ago

People

(Reporter: kaie, Assigned: kaie)

Tracking

3.18
3.18
x86_64
Linux
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

4 years ago
February 2015 batch of root CA changes
(Assignee)

Updated

4 years ago
(Assignee)

Comment 1

4 years ago
Created attachment 8563480 [details] [diff] [review]
patch v1

Updated

4 years ago
Blocks: 1132689

Comment 3

4 years ago
Thanks Kai!

I reviewed the patch, and it is as requested. I also successfully verified the changes in the test build.

I've requested that the CAs also test.

Comment 4

4 years ago
"Distrust a pb.com certificate that does not comply with the baseline requirements."
Do we need this after the Equifax root removal?

Comment 5

4 years ago
Thinking about it, this was added in bug 966350. In retrospect, IMO we shouldn't have cared about the 1024-bit cert that was directly issued from a 1024-bit root that was going to be removed after 2013 anyway.

Comment 6

4 years ago
And there is nothing unusual about the issue and expiration date either. I think that GeoTrust/RapidSSL definitely sold 5 year certificate even in 2010.

Comment 7

4 years ago
(In reply to Kathleen Wilson from comment #3)
> Thanks Kai!
> 
> I reviewed the patch, and it is as requested. I also successfully verified
> the changes in the test build.
> 
> I've requested that the CAs also test.

The CAs have successfully completed their testing.

So, this patch is ready for official code review, etc.

Thanks!
(Assignee)

Updated

4 years ago
Attachment #8563480 - Flags: review?(rrelyea)

Updated

4 years ago
Attachment #8563480 - Flags: review?(rrelyea) → review+
(Assignee)

Comment 8

4 years ago
https://hg.mozilla.org/projects/nss/rev/484e72583add
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
(Assignee)

Comment 9

4 years ago
Yuhong Bao,
if you think there is need for discussing your questions, I suggest you could post to the mozilla.dev.security.policy list.
(This bug is to track action that have already been decided on that list.)
Thanks
(Assignee)

Updated

4 years ago
Blocks: 1137470

Updated

4 years ago
Blocks: 1138716
Blocks: 1155279
You need to log in before you can comment on or make changes to this bug.