CCADB entries generated 2019-12-07T17:20:17Z
Categories
(Core :: Security Block-lists, Allow-lists, and other State, task)
Tracking
()
People
(Reporter: wthayer, Unassigned)
Details
Attachments
(5 files)
8.65 KB,
text/plain
|
jcj
:
data-review+
kathleen.a.wilson
:
data-review+
|
Details |
58.94 KB,
text/plain
|
kathleen.a.wilson
:
data-review+
|
Details |
51.35 KB,
image/png
|
Details | |
30.97 KB,
application/json
|
Details | |
58.91 KB,
text/plain
|
Details |
Reporter | ||
Comment 1•4 years ago
|
||
Revocations data for new records
Reporter | ||
Comment 2•4 years ago
|
||
Revocations data for new and existing records
Reporter | ||
Comment 3•4 years ago
|
||
(9, 0400000000013189C63E80, GlobalSign PersonalSign Partners CA - SHA256 - G2) no match found in CRL:
(10, 0400000000012F4EE152D7, GlobalSign Timestamping CA - G2) no match found in CRL:
(12, 040000000001444F0236B6, GlobalSign CA for AATL - SHA256 - G2) no match found in CRL:
(14, 47C31000189DC0411C9F3E546841, GlobalSign PersonalSign 2 CA - G3) no match found in CRL:
(15, 47C30FFF8A619A37F5A82EF0B575, GlobalSign PersonalSign 1 CA - G3) no match found in CRL:
(17, 01E9D8A4A62D2B28113982A94D, GlobalSign CA for AATL - SHA384 - G4) no match found in CRL:
(18, 01E9D8A4CC18236C2A58C1AF8C, GlobalSign TSA CA for AATL) no match found in CRL:
(20, 01EC1C9240DEFD2E405D7C4774, GlobalSign Timestamping CA - SHA384 - G4) no match found in CRL:
(21, 47C31000C04BFA8A2654B741EC2B, GlobalSign PersonalSign 3 CA - G3) no match found in CRL:
(22, 01EE5F159A005781CEDF5B6A59, GlobalSign Partners TSA CA for AATL) no match found in CRL:
(23, 01EE5F157ED038CA385D7F3CE7, GlobalSign Partners Timestamping CA - SHA384 - G4) no match found in CRL:
(24, 0400000000013189C65004, GlobalSign Timestamping CA - SHA256 - G2) no match found in CRL:
(25, 45E6B7C3ECFD4BA24B31E9ABF085, GlobalSign CA 3 for AATL) no match found in CRL:
(27, 0400000000012BCE328A6A, JCAN Sub Root CA0) no match found in CRL:
(29, 0400000000013189C640B2, GlobalSign PersonalSign Partners CA - SHA256 - G2) no match found in CRL:
(30, 040000000001331BD0AEC9, JCAN Public CA1 - G3) no match found in CRL:
(31, 45E6B7AFDCA671BDB65D14F3DAC0, GlobalSign CA 2 for AATL) no match found in CRL:
(33, 0400000000012019C19066, GlobalSign Timestamping CA) no match found in CRL:
(37, 04000000000127FBD22364, GlobalSign Timestamping CA - R3) no match found in CRL:
(38, 47C310523D5349CDDDE96B8EF27F, NAESB Issuing CA - SHA384 - G3) no match found in CRL:
(55, 00A60D883219A3FD59, TrustCor Basic Secure Email (CA1)) no match found in CRL:
Reporter | ||
Comment 4•4 years ago
|
||
Entry Checker Results:
Pending Kinto Dataset (Found): 1143
Added Entries (Expected): 55
[GOOD] Expected But Not Pending (Not Found): 0
Deleted: 0
[GOOD] Entries In Production But Lost Without Being Deleted (Missing): 0
[GOOD] The Expected file matches the change between the staged Kinto and production.
[GOOD] The Kinto dataset found at production equals the union of the expected file and the live list.
Nothing not found.
Nothing deleted.
Comment 5•4 years ago
|
||
Comment on attachment 9114406 [details]
Intermediates to be revoked
I confirm that this are the correct entries to add to OneCRL.
Comment 6•4 years ago
|
||
Comment on attachment 9114407 [details]
existing and new revocations in the form of a revocations.txt file
I confirm that the new entries have been added to this version of revocations.txt.
Comment 7•4 years ago
|
||
Mark, Would you please run TLS Canary with this set of OneCRL updates? We are adding 55 entries.
Comment 8•4 years ago
|
||
Comment 9•4 years ago
|
||
Comment 10•4 years ago
|
||
I've carried out the run. There are a few possible regressions; I've attached a screenshot of the summary and the run log for further investigation.
Comment 11•4 years ago
|
||
(In reply to Mark Goodwin [:mgoodwin] from comment #10)
I've carried out the run. There are a few possible regressions; I've attached a screenshot of the summary and the run log for further investigation.
Thanks, Mark! The potential regression sites either have errors not related to revocation or their TLS cert is signed by an intermediate cert that is not being added to OneCRL at this time.
JC, Please proceed with approving the change to add these entries to OneCRL.
Updated•4 years ago
|
Updated•4 years ago
|
Comment 12•4 years ago
|
||
Approved at Kinto, OneCRL updated.
Comment 13•4 years ago
|
||
Comment 14•3 years ago
|
||
Moving bug to Core::Security Block-lists, Allow-lists, and other State.
Description
•