Closed
Bug 1432467
Opened 6 years ago
Closed 6 years ago
CCADB entries generated 2018-01-23T13:41:18Z
Categories
(Core :: Security Block-lists, Allow-lists, and other State, enhancement)
Core
Security Block-lists, Allow-lists, and other State
Tracking
()
RESOLVED
FIXED
People
(Reporter: omphalos, Unassigned)
References
Details
Attachments
(2 files)
No description provided.
Revocations data for new records
Attachment #8944710 -
Flags: review?(mwobensmith)
Attachment #8944710 -
Flags: review?(kwilson)
Revocations data for new and existing records
Attachment #8944711 -
Flags: review?(mwobensmith)
Attachment #8944711 -
Flags: review?(kwilson)
Comment 3•6 years ago
|
||
Please note, this set of additions includes the entry from bug 1427034
Updated•6 years ago
|
Attachment #8944710 -
Flags: review?(wthayer)
Comment 4•6 years ago
|
||
Comment on attachment 8944710 [details]
Intermediates to be revoked
Confirmed that the correct certificate is being referenced.
Attachment #8944710 -
Flags: review?(wthayer) → review+
Comment 5•6 years ago
|
||
Downloading intermediates to be revoked from bug # 1432467 Results: Pending Kinto Dataset (Found): 617 Added Entries (Expected): 4 [GOOD] Expected But Not Pending (Not Found): 0 Deleted: 0 [GOOD] Entries In Production But Lost Without Being Deleted (Missing): 0 [GOOD] The Expected file matches the change between the staged Kinto and production. [GOOD] The Kinto dataset found at production equals the union of the expected file and the live list. Nothing not found. Nothing deleted.
Comment 6•6 years ago
|
||
Comment on attachment 8944710 [details] Intermediates to be revoked I confirm that these are the correct entries to add to OneCRL. One entry is regarding Bug #1427034. The other three entries have OneCRL Status of "Ready To Add" in the CCADB, because I have verified their revocations via their corresponding CRLs.
Attachment #8944710 -
Flags: review?(kwilson) → review+
Updated•6 years ago
|
Attachment #8944711 -
Flags: review?(kwilson) → review+
Comment 7•6 years ago
|
||
TLS Canary found one site that is affected by this change: https://surveys.intesasanpaolo.com/ It ranks at #910376 in the top one million site list. If this is expected and/or otherwise acceptable, I can r+ the revocations file.
Flags: needinfo?(jjones)
Updated•6 years ago
|
Flags: needinfo?(kwilson)
Comment 8•6 years ago
|
||
It's expected since we're distrusting its root. I'll leave it to Kathleen to confirm that the root distrust is correct. (TLS Observatory scan: https://observatory.mozilla.org/analyze.html?host=surveys.intesasanpaolo.com#tls )
Flags: needinfo?(jjones)
Comment 9•6 years ago
|
||
(In reply to Matt Wobensmith [:mwobensmith][:matt:] from comment #7) > TLS Canary found one site that is affected by this change: > > https://surveys.intesasanpaolo.com/ > > It ranks at #910376 in the top one million site list. > > If this is expected and/or otherwise acceptable, I can r+ the revocations > file. Ben, Please confirm that DigiCert's customer is aware that their website https://surveys.intesasanpaolo.com/ needs to be updated to not use the revoked cert https://crt.sh/?id=6158202.
Flags: needinfo?(kwilson) → needinfo?(ben.wilson)
Updated•6 years ago
|
Attachment #8944710 -
Flags: review?(mwobensmith) → review+
Updated•6 years ago
|
Attachment #8944711 -
Flags: review?(mwobensmith) → review+
Comment 10•6 years ago
|
||
Today I reached out to IntesaSanpaolo just to make sure that they were aware of this website, https://surveys.intesasanpaolo.com.
Flags: needinfo?(ben.wilson)
Comment 11•6 years ago
|
||
JC, please proceed with the rest of the process to add these to OneCRL. Thanks!
Flags: needinfo?(jjones)
Comment 13•6 years ago
|
||
I confirm that these entries have been added to OneCRL. Thanks!
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Comment 14•3 years ago
|
||
Moving bug to Core::Security Block-lists, Allow-lists, and other State.
Component: Blocklist Policy Requests → Security Block-lists, Allow-lists, and other State
Product: Toolkit → Core
You need to log in
before you can comment on or make changes to this bug.
Description
•