Closed Bug 1432467 Opened 7 years ago Closed 7 years ago

CCADB entries generated 2018-01-23T13:41:18Z

Categories

(Core :: Security Block-lists, Allow-lists, and other State, enhancement)

Product:
Core
Component:
Security Block-lists, Allow-lists, and other State
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: omphalos, Unassigned)

References

Details

Attachments

(2 files)

Intermediates to be revoked
644 bytes, text/plain
mwobensmith
: review+
kathleen.a.wilson
: review+
wthayer
: review+
Details
existing and new revocations in the form of a revocations.txt file
31.36 KB, text/plain
mwobensmith
: review+
kathleen.a.wilson
: review+
Details
No description provided.
Revocations data for new records
Attachment #8944710 - Flags: review?(mwobensmith)
Attachment #8944710 - Flags: review?(kwilson)
Revocations data for new and existing records
Attachment #8944711 - Flags: review?(mwobensmith)
Attachment #8944711 - Flags: review?(kwilson)
Please note, this set of additions includes the entry from bug 1427034
Attachment #8944710 - Flags: review?(wthayer)
Comment on attachment 8944710 [details] Intermediates to be revoked Confirmed that the correct certificate is being referenced.
Attachment #8944710 - Flags: review?(wthayer) → review+
Downloading intermediates to be revoked from bug # 1432467 Results: Pending Kinto Dataset (Found): 617 Added Entries (Expected): 4 [GOOD] Expected But Not Pending (Not Found): 0 Deleted: 0 [GOOD] Entries In Production But Lost Without Being Deleted (Missing): 0 [GOOD] The Expected file matches the change between the staged Kinto and production. [GOOD] The Kinto dataset found at production equals the union of the expected file and the live list. Nothing not found. Nothing deleted.
Comment on attachment 8944710 [details] Intermediates to be revoked I confirm that these are the correct entries to add to OneCRL. One entry is regarding Bug #1427034. The other three entries have OneCRL Status of "Ready To Add" in the CCADB, because I have verified their revocations via their corresponding CRLs.
Attachment #8944710 - Flags: review?(kwilson) → review+
Attachment #8944711 - Flags: review?(kwilson) → review+
Blocks: 1427034
TLS Canary found one site that is affected by this change: https://surveys.intesasanpaolo.com/ It ranks at #910376 in the top one million site list. If this is expected and/or otherwise acceptable, I can r+ the revocations file.
Flags: needinfo?(jjones)
Flags: needinfo?(kwilson)
It's expected since we're distrusting its root. I'll leave it to Kathleen to confirm that the root distrust is correct. (TLS Observatory scan: https://observatory.mozilla.org/analyze.html?host=surveys.intesasanpaolo.com#tls )
Flags: needinfo?(jjones)
(In reply to Matt Wobensmith [:mwobensmith][:matt:] from comment #7) > TLS Canary found one site that is affected by this change: > > https://surveys.intesasanpaolo.com/ > > It ranks at #910376 in the top one million site list. > > If this is expected and/or otherwise acceptable, I can r+ the revocations > file. Ben, Please confirm that DigiCert's customer is aware that their website https://surveys.intesasanpaolo.com/ needs to be updated to not use the revoked cert https://crt.sh/?id=6158202.
Flags: needinfo?(kwilson) → needinfo?(ben.wilson)
Attachment #8944710 - Flags: review?(mwobensmith) → review+
Attachment #8944711 - Flags: review?(mwobensmith) → review+
Today I reached out to IntesaSanpaolo just to make sure that they were aware of this website, https://surveys.intesasanpaolo.com.
Flags: needinfo?(ben.wilson)
JC, please proceed with the rest of the process to add these to OneCRL. Thanks!
Flags: needinfo?(jjones)
Signed, pushed to OneCRL.
Flags: needinfo?(jjones)
I confirm that these entries have been added to OneCRL. Thanks!
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED

Moving bug to Core::Security Block-lists, Allow-lists, and other State.

Component: Blocklist Policy Requests → Security Block-lists, Allow-lists, and other State
Product: Toolkit → Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: