Closed Bug 1404934 Opened 3 years ago Closed 2 years ago
[meta] Wire up Intermediate Preloading
Firefox trusts TLS certificates which descend through a graph from a Root CA in our Root Program. Root CAs sign Intermediate CAs which issue certificates. Intermediate CAs also sign other Intermediate CAs, providing multiple paths of trust for compatibility reasons. This topology sometimes produces unexpected results. The Root Program policy now requires all Intermediate CAs be disclosed to Mozilla before they may be used; the purpose of this policy was to eventually permit us to technically limit our trust store to only trust certificates descended from a whitelist of Intermediate CAs. This protects our users from intentional or unintentional use of cross-signatures to permit unexpected organizations from acting Mozilla-trusted certificate issuers. This bug tracks the implementation of a whitelist based on disclosed intermediates in Firefox.
Priority: -- → P1
3 years ago
3 years ago
Severity: normal → enhancement
OS: Unspecified → All
Hardware: Unspecified → All
Summary: Implement whitelisting of Intermediate Certificates → Implement preloading Intermediate Certificates
Moving to p3 because no activity for at least 24 weeks.
Priority: P1 → P3
Summary: Wire up Intermediate Preloading → [meta] Wire up Intermediate Preloading
Pushed by email@example.com: https://hg.mozilla.org/integration/autoland/rev/839decca3577 Wire-up Intermediate Preloading r=keeler
Depends on: 1530545
Depends on: 1520297
You need to log in before you can comment on or make changes to this bug.