Closed Bug 1692094 Opened 4 years ago Closed 4 years ago

Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008'

Categories

(NSS :: CA Certificates Code, task, P1)

Product:
NSS
Component:
CA Certificates Code
Version:
3.63
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: kathleen.a.wilson, Assigned: beurdouche)

References

Details

(Whiteboard: March 2021 Batch of Root Changes)

Attachments

(2 files)

Bug 1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008'. r=KathleenWilson
48 bytes, text/x-phabricator-request
Details | Review
Bug 1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots. r=KathleenWilson
48 bytes, text/x-phabricator-request
Details | Review

Please turn off the Websites trust bit for the following root certificates. The Email (S/MIME) trust bit will continue to be enabled for them.

  1. Chambers of Commerce Root - 2008
    SHA-1 Fingerprint 786A74AC76AB147F9C6A3050BA9EA87EFE9ACE3C
    SHA-256 Fingerprint 063E4AFAC491DFD332F3089B8542E94617D893D7FE944E10A7937EE29D9693C0
    EV enabled

  2. Global Chambersign Root - 2008
    SHA-1 Fingerprint 4ABDEEEC950D359C89AEC752A12C5B29F6D6AA0C
    SHA-256 Fingerprint 136335439334A7698016A0D324DE72284E079D7B5220BB8FBD747816EEBEBACA
    Not EV

Additionally, please set the “Distrust for S/MIME After Date” to March 1, 2021, for the following two root certificates.

  1. Chambers of Commerce Root
    SHA-1 Fingerprint 6E3A55A4190C195C93843CC0DB722E313061F0B1
    SHA-256 Fingerprint 0C258A12A5674AEF25F28BA7DCFAECEEA348E541E6F5CC4EE63B71B361606AC3

  2. Global Chambersign Root
    SHA-1 Fingerprint 339B6B1450249B557A01877284D9E02FC3D2D8E9
    SHA-256 Fingerprint EF3CB417FC8EBF6F97876C9E4ECE39DE1EA5FE649141D1028B7D11C0B2298CED

Background:
This is the decision that resulted from discussions about Camerfirma incidents.
https://groups.google.com/g/mozilla.dev.security.policy/c/dSeD3dgnpzk/m/diOfeWNpBQAJ
https://groups.google.com/g/mozilla.dev.security.policy/c/jif4zWNgGPw/m/OvnRgTEdAQAJ
https://groups.google.com/g/mozilla.dev.security.policy/c/PnAAWnxyosM/m/cImb78jnBAAJ

Depends on: 1693217

Looks like we need this in 3.62 as the next release of NSS would be after the Distrust date which is March 1, 2021.

Assignee: nobody → bbeurdouche
Severity: -- → S1
Status: NEW → ASSIGNED
Type: enhancement → task
Priority: -- → P1
Version: trunk → 3.62

This patch went into NSS 3.63.

Version: 3.62 → 3.63
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: