1664854 - Update OneCRL exceptional revocation entry for revoked.badssl.com

Status: RESOLVED FIXED

(Core :: Security Block-lists, Allow-lists, and other State, task)

Description

[April King [:April]]

As reported here: https://github.com/mozilla-mobile/fenix/issues/14597

We don't have an updated OneCRL entry for the current revoked.badssl.com, as was done in bug 1300977.

Please add the following entry to OneCRL:

{
    "issuerName": "ME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQQ==",
    "serialNumber": "A3G1iob2zpw+y3v0L5II/A==",
    "enabled": true,
    "details": {
      "who": "",
      "created": "2020-09-14T17:08:33Z",
      "bug": "https://bugzilla.mozilla.org/show_bug.cgi?id=1664854",
      "name": "revoked.badssl.com certificate",
      "why": ""
    }
  }

Comment 1

[J.C. Jones [:jcj] (he/him)]

OneCRL exceptional list update: https://github.com/mozilla/OneCRL-Tools/pull/166
Staged new entry: https://firefox.settings.services.mozilla.com/v1/buckets/security-state-preview/collections/onecrl/records/53648e4e-4a7e-4c75-858e-cab93f2a31d1

Ready for sign-off.

Comment 2

[Kathleen Wilson]

(In reply to J.C. Jones [:jcj] (he/him) [increased latency due to COVID-19] from comment #1)

OneCRL exceptional list update: https://github.com/mozilla/OneCRL-Tools/pull/166

Verified it's the correct cert, and approved.

Staged new entry: https://firefox.settings.services.mozilla.com/v1/buckets/security-state-preview/collections/onecrl/records/53648e4e-4a7e-4c75-858e-cab93f2a31d1

Ready for sign-off.

Thanks!

Comment 3

[Kathleen Wilson]

https://crt.sh/mozilla-onecrl shows that this entry has been added to OneCRL.
It may take a while for the change to propagate out to clients.

Comment 4

[April King [:April]]

Thanks jcj, dana, kathleen, you three rock as always. :)