Closed
Bug 1132496
Opened 9 years ago
Closed 9 years ago
February 2015 batch of root CA changes
Categories
(NSS :: CA Certificates Code, task)
Tracking
(Not tracked)
RESOLVED
FIXED
3.18
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Attachments
(1 file)
90.90 KB,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
February 2015 batch of root CA changes
Assignee | ||
Updated•9 years ago
|
Assignee | ||
Comment 1•9 years ago
|
||
Assignee | ||
Comment 2•9 years ago
|
||
Comment on attachment 8563480 [details] [diff] [review] patch v1 Test build using this patch: https://ftp-ssl.mozilla.org/pub/mozilla.org/firefox/try-builds/kaie@kuix.de-cb8002df70cc/
Comment 3•9 years ago
|
||
Thanks Kai! I reviewed the patch, and it is as requested. I also successfully verified the changes in the test build. I've requested that the CAs also test.
Comment 4•9 years ago
|
||
"Distrust a pb.com certificate that does not comply with the baseline requirements." Do we need this after the Equifax root removal?
Comment 5•9 years ago
|
||
Thinking about it, this was added in bug 966350. In retrospect, IMO we shouldn't have cared about the 1024-bit cert that was directly issued from a 1024-bit root that was going to be removed after 2013 anyway.
Comment 6•9 years ago
|
||
And there is nothing unusual about the issue and expiration date either. I think that GeoTrust/RapidSSL definitely sold 5 year certificate even in 2010.
Comment 7•9 years ago
|
||
(In reply to Kathleen Wilson from comment #3) > Thanks Kai! > > I reviewed the patch, and it is as requested. I also successfully verified > the changes in the test build. > > I've requested that the CAs also test. The CAs have successfully completed their testing. So, this patch is ready for official code review, etc. Thanks!
Assignee | ||
Updated•9 years ago
|
Attachment #8563480 -
Flags: review?(rrelyea)
Updated•9 years ago
|
Attachment #8563480 -
Flags: review?(rrelyea) → review+
Assignee | ||
Comment 8•9 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/484e72583add
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 9•9 years ago
|
||
Yuhong Bao, if you think there is need for discussing your questions, I suggest you could post to the mozilla.dev.security.policy list. (This bug is to track action that have already been decided on that list.) Thanks
Blocks: 1155279
You need to log in
before you can comment on or make changes to this bug.
Description
•