Closed
Bug 1688277
Opened 3 years ago
Closed 3 years ago
Add the regenerated version of the Kazakhstan MITM root to OneCRL
Categories
(Core :: Security Block-lists, Allow-lists, and other State, task)
Core
Security Block-lists, Allow-lists, and other State
Tracking
()
RESOLVED
FIXED
People
(Reporter: kwilson, Assigned: keeler)
References
(Blocks 1 open bug)
Details
(Keywords: sec-other, Whiteboard: [ca-onecrl] )
Attachments
(1 file)
2.14 KB,
application/x-x509-ca-cert
|
Details |
+++ This bug was initially created as a clone of Bug #1680927 +++
The Kazakhstan government regenerated the root certificate that we added to OneCRL.
https://blog.mozilla.org/netpolicy/2020/12/18/kazakhstan-root-2020/
Please add the regenerated root cert (attached) to OneCRL.
Reporter | ||
Comment 1•3 years ago
|
||
Approved at Kinto Staging.
Reporter | ||
Comment 2•3 years ago
|
||
For reference, the new cert has been added to crt.sh: https://crt.sh/?id=3967758934
Reporter | ||
Comment 3•3 years ago
|
||
Test site: https://check.isca.gov.kz/
Assignee | ||
Comment 4•3 years ago
|
||
Test site shows the root is revoked in staging, as expected.
Assignee | ||
Comment 5•3 years ago
|
||
[15:17:49] Stage-Stage: 1306 Stage-Preview: 1306 Stage-Published: 1306 compare.py:67
[15:17:50] Prod-Stage: 1306 Prod-Preview: 1306 Prod-Published: 1305 compare.py:75
Verifying stage against preview compare.py:82
stage/security-state-staging (1306) and stage/security-state-preview (1306) are equivalent compare.py:87
stage/security-state-staging (1306) and prod/security-state-staging (1306) are equivalent compare.py:87
stage/security-state-staging (1306) and prod/security-state-preview (1306) are equivalent compare.py:87
stage/security-state-preview (1306) and prod/security-state-staging (1306) are equivalent compare.py:87
stage/security-state-preview (1306) and prod/security-state-preview (1306) are equivalent compare.py:87
prod/security-state-staging (1306) and prod/security-state-preview (1306) are equivalent compare.py:87
No changes are waiting in staging compare.py:90
There are 1 changes waiting in production. Adding: compare.py:99
{
'details': {
'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1688277',
'who': 'dkeeler@mozilla.com',
'why': 'Kazakhstan MITM (#4)',
'name': 'Information Security Certification Authority',
'created': '2021-01-22T20:13:32Z'
},
'enabled': True,
'issuerName': 'MFMxNTAzBgNVBAMTLEluZm9ybWF0aW9uIFNlY3VyaXR5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYDVQQKEwRJU0NBMQswCQYDVQQGEwJLWg==',
'serialNumber': 'e8S4MvOlwiPqsJG22mv4T3ELQkA='
}
Staging is updated, and production changes are waiting, so Firefox can use compare.py:110
Remote Settings DevTools (https://github.com/mozilla-extensions/remote-settings-devtools)
and cert-storage-inspector (https://github.com/mozkeeler/cert-storage-inspector) to test
OneCRL.
Reporter | ||
Comment 6•3 years ago
|
||
Approved at Kinto Production.
Updated•3 years ago
|
Reporter | ||
Comment 7•3 years ago
|
||
Added to OneCRL.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Updated•3 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•