46 bytes, text/x-phabricator-request
|Details | Review|
Similar to Bug 1442075, this bug is to change the default of the "security.pki.distrust_ca_policy" pref to the value of 2, introduced in Bug 1456112. This change should happen in the Firefox 63 branch.
11 months ago
We should add this to 63 release notes.
status-firefox62: affected → wontfix
relnote-firefox: --- → ?
status-firefox63: --- → affected
tracking-firefox63: --- → blocking
Canary went live with this enabled somewhere around 31-July. We should make this change in Nightly sometime around 10-13 August. It should not ride the train to Beta initially. @pascalc suggested that we implement this as follows: you don't need to revert it in beta, you can use an ifdef statement with the NIGHTLY_BUILD define so as that the feature only targets nightly and does not affect beta. Here is an example in our code: https://searchfox.org/mozilla-central/source/browser/app/profile/firefox.js#1426-1430 Then during the 64 nightly cycle, the week of September 17, you remove the ifdef statement and ask in bug 1460062 an uplift of this patch to 63 beta 9 which is planned for September 25.
8 months ago
Assignee: nobody → dkeeler
Priority: P3 → P1
Whiteboard: [psm-backlog] → [psm-assigned]
This patch implements the Symantec distrust plan on Nightly only for now.
Comment on attachment 8998635 [details] bug 1460062 - Enforce Symantec distrust in Firefox 63 r?franziskus Franziskus Kiefer [:fkiefer or :franziskus] has approved the revision.
Attachment #8998635 - Flags: review+
Pushed by email@example.com: https://hg.mozilla.org/integration/autoland/rev/6ef1b4f2756a Enforce Symantec distrust in Firefox 63 r=franziskus
Status: NEW → RESOLVED
Last Resolved: 7 months ago
status-firefox63: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
Posted the site compatibility note a while ago: https://www.fxsitecompat.com/en-CA/docs/2018/symantec-geotrust-rapidssl-thawte-verisign-certificates-will-all-be-distrusted-in-october-2018/
Firefox 63 Beta 9 is shipping next Tuesday. Time to request an uplift if Comment 2 is still the plan?
We are not yet ready to enable this change in 63 Beta. Chrome has not yet enabled the distrust in their 70 Beta and the breakage caused by this change is still significant: http://tlscanary-plot-8e95d89854d73f4d.elb.us-west-2.amazonaws.com/ We'll continue to monitor this and determine when to move forward, but for now please do not uplift.
(see comment 9)
You need to log in before you can comment on or make changes to this bug.