Closed Bug 1132496 Opened 10 years ago Closed 10 years ago

February 2015 batch of root CA changes

Categories

(NSS :: CA Certificates Code, task)

Product:
NSS
Component:
CA Certificates Code
Version:
3.18
Platform:
x86_64
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

Attachments

(1 file)

patch v1
90.90 KB, patch
rrelyea
: review+
Details | Diff | Splinter Review 
February 2015 batch of root CA changes
Attached patch patch v1Splinter Review 

    
  
Blocks: 1132689

    
    

    
  
Thanks Kai!

I reviewed the patch, and it is as requested. I also successfully verified the changes in the test build.

I've requested that the CAs also test.

    
    

    
  
"Distrust a pb.com certificate that does not comply with the baseline requirements."
Do we need this after the Equifax root removal?

    
    

    
  
Thinking about it, this was added in bug 966350. In retrospect, IMO we shouldn't have cared about the 1024-bit cert that was directly issued from a 1024-bit root that was going to be removed after 2013 anyway.

    
    

    
  
And there is nothing unusual about the issue and expiration date either. I think that GeoTrust/RapidSSL definitely sold 5 year certificate even in 2010.

    
    

    
  
(In reply to Kathleen Wilson from comment #3)
> Thanks Kai!
> 
> I reviewed the patch, and it is as requested. I also successfully verified
> the changes in the test build.
> 
> I've requested that the CAs also test.

The CAs have successfully completed their testing.

So, this patch is ready for official code review, etc.

Thanks!

    
  

        Attachment #8563480 -
        Flags: review?(rrelyea)

    
  

        Attachment #8563480 -
        Flags: review?(rrelyea) → review+

    
    

    
  
https://hg.mozilla.org/projects/nss/rev/484e72583add
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED

    
    

    
  
Yuhong Bao,
if you think there is need for discussing your questions, I suggest you could post to the mozilla.dev.security.policy list.
(This bug is to track action that have already been decided on that list.)
Thanks

    
  
Blocks: 1137470

    
  
Blocks: 1138716

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: