Closed
Bug 1132496
Opened 10 years ago
Closed 10 years ago
February 2015 batch of root CA changes
Categories
(NSS :: CA Certificates Code, task)
Tracking
(Not tracked)
RESOLVED
FIXED
3.18
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Attachments
(1 file)
90.90 KB,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
February 2015 batch of root CA changes
Assignee | ||
Updated•10 years ago
|
Assignee | ||
Comment 1•10 years ago
|
||
Assignee | ||
Comment 2•10 years ago
|
||
Comment on attachment 8563480 [details] [diff] [review] patch v1 Test build using this patch: https://ftp-ssl.mozilla.org/pub/mozilla.org/firefox/try-builds/kaie@kuix.de-cb8002df70cc/
Comment 3•10 years ago
|
||
Thanks Kai! I reviewed the patch, and it is as requested. I also successfully verified the changes in the test build. I've requested that the CAs also test.
Comment 4•10 years ago
|
||
"Distrust a pb.com certificate that does not comply with the baseline requirements." Do we need this after the Equifax root removal?
Comment 5•10 years ago
|
||
Thinking about it, this was added in bug 966350. In retrospect, IMO we shouldn't have cared about the 1024-bit cert that was directly issued from a 1024-bit root that was going to be removed after 2013 anyway.
Comment 6•10 years ago
|
||
And there is nothing unusual about the issue and expiration date either. I think that GeoTrust/RapidSSL definitely sold 5 year certificate even in 2010.
Comment 7•10 years ago
|
||
(In reply to Kathleen Wilson from comment #3) > Thanks Kai! > > I reviewed the patch, and it is as requested. I also successfully verified > the changes in the test build. > > I've requested that the CAs also test. The CAs have successfully completed their testing. So, this patch is ready for official code review, etc. Thanks!
Assignee | ||
Updated•10 years ago
|
Attachment #8563480 -
Flags: review?(rrelyea)
Updated•10 years ago
|
Attachment #8563480 -
Flags: review?(rrelyea) → review+
Assignee | ||
Comment 8•10 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/484e72583add
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 9•10 years ago
|
||
Yuhong Bao, if you think there is need for discussing your questions, I suggest you could post to the mozilla.dev.security.policy list. (This bug is to track action that have already been decided on that list.) Thanks
You need to log in
before you can comment on or make changes to this bug.
Description
•