Closed Bug 1602265 Opened 4 years ago Closed 4 years ago

CCADB entries generated 2019-12-07T17:20:17Z

Categories

(Core :: Security Block-lists, Allow-lists, and other State, task)

Product:
Core
Component:
Security Block-lists, Allow-lists, and other State
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: wthayer, Unassigned)

Details

Attachments

(5 files)

Intermediates to be revoked
8.65 KB, text/plain
jcj
: data-review+
kathleen.a.wilson
: data-review+
Details
existing and new revocations in the form of a revocations.txt file
58.94 KB, text/plain
kathleen.a.wilson
: data-review+
Details
Canary results.png
51.35 KB, image/png
Details
canary run log
30.97 KB, application/json
Details
revocations-Jan10-2020.txt
58.91 KB, text/plain
Details
No description provided.
Revocations data for new records
Attachment #9114406 - Flags: data-review?(kwilson)
Attachment #9114406 - Flags: data-review?(jjones)
Revocations data for new and existing records
Attachment #9114407 - Flags: data-review?(kwilson)
Attachment #9114407 - Flags: data-review?(jjones)

(9, 0400000000013189C63E80, GlobalSign PersonalSign Partners CA - SHA256 - G2) no match found in CRL:

(10, 0400000000012F4EE152D7, GlobalSign Timestamping CA - G2) no match found in CRL:

(12, 040000000001444F0236B6, GlobalSign CA for AATL - SHA256 - G2) no match found in CRL:

(14, 47C31000189DC0411C9F3E546841, GlobalSign PersonalSign 2 CA - G3) no match found in CRL:

(15, 47C30FFF8A619A37F5A82EF0B575, GlobalSign PersonalSign 1 CA - G3) no match found in CRL:

(17, 01E9D8A4A62D2B28113982A94D, GlobalSign CA for AATL - SHA384 - G4) no match found in CRL:

(18, 01E9D8A4CC18236C2A58C1AF8C, GlobalSign TSA CA for AATL) no match found in CRL:

(20, 01EC1C9240DEFD2E405D7C4774, GlobalSign Timestamping CA - SHA384 - G4) no match found in CRL:

(21, 47C31000C04BFA8A2654B741EC2B, GlobalSign PersonalSign 3 CA - G3) no match found in CRL:

(22, 01EE5F159A005781CEDF5B6A59, GlobalSign Partners TSA CA for AATL) no match found in CRL:

(23, 01EE5F157ED038CA385D7F3CE7, GlobalSign Partners Timestamping CA - SHA384 - G4) no match found in CRL:

(24, 0400000000013189C65004, GlobalSign Timestamping CA - SHA256 - G2) no match found in CRL:

(25, 45E6B7C3ECFD4BA24B31E9ABF085, GlobalSign CA 3 for AATL) no match found in CRL:

(27, 0400000000012BCE328A6A, JCAN Sub Root CA0) no match found in CRL:

(29, 0400000000013189C640B2, GlobalSign PersonalSign Partners CA - SHA256 - G2) no match found in CRL:

(30, 040000000001331BD0AEC9, JCAN Public CA1 - G3) no match found in CRL:

(31, 45E6B7AFDCA671BDB65D14F3DAC0, GlobalSign CA 2 for AATL) no match found in CRL:

(33, 0400000000012019C19066, GlobalSign Timestamping CA) no match found in CRL:

(37, 04000000000127FBD22364, GlobalSign Timestamping CA - R3) no match found in CRL:

(38, 47C310523D5349CDDDE96B8EF27F, NAESB Issuing CA - SHA384 - G3) no match found in CRL:

(55, 00A60D883219A3FD59, TrustCor Basic Secure Email (CA1)) no match found in CRL:

Entry Checker Results:
Pending Kinto Dataset (Found): 1143
Added Entries (Expected): 55
[GOOD] Expected But Not Pending (Not Found): 0
Deleted: 0
[GOOD] Entries In Production But Lost Without Being Deleted (Missing): 0

[GOOD] The Expected file matches the change between the staged Kinto and production.
[GOOD] The Kinto dataset found at production equals the union of the expected file and the live list.
Nothing not found.
Nothing deleted.

Comment on attachment 9114406 [details]
Intermediates to be revoked

I confirm that this are the correct entries to add to OneCRL.
Attachment #9114406 - Flags: data-review?(kwilson) → data-review+
Comment on attachment 9114407 [details]
existing and new revocations in the form of a revocations.txt file

I confirm that the new entries have been added to this version of revocations.txt.
Attachment #9114407 - Flags: data-review?(kwilson) → data-review+

Mark, Would you please run TLS Canary with this set of OneCRL updates? We are adding 55 entries.

Flags: needinfo?(mgoodwin)
QA Contact: mgoodwin
Attached image Canary results.png
Flags: needinfo?(mgoodwin)

I've carried out the run. There are a few possible regressions; I've attached a screenshot of the summary and the run log for further investigation.

(In reply to Mark Goodwin [:mgoodwin] from comment #10)

I've carried out the run. There are a few possible regressions; I've attached a screenshot of the summary and the run log for further investigation.

Thanks, Mark! The potential regression sites either have errors not related to revocation or their TLS cert is signed by an intermediate cert that is not being added to OneCRL at this time.

JC, Please proceed with approving the change to add these entries to OneCRL.

Flags: needinfo?(jjones)
Flags: needinfo?(jjones)
Attachment #9114406 - Flags: data-review?(jjones) → data-review+
Attachment #9114407 - Flags: data-review?(jjones)

Approved at Kinto, OneCRL updated.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED

Moving bug to Core::Security Block-lists, Allow-lists, and other State.

Component: Blocklist Policy Requests → Security Block-lists, Allow-lists, and other State
Product: Toolkit → Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: