Closed
Bug 1750787
Opened 3 years ago
Closed 3 years ago
Store CRLite issuer enrollment in cert-revocations
Categories
(Core :: Security: PSM, defect, P3)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
99 Branch
People
(Reporter: jschanck, Assigned: jschanck)
References
(Blocks 2 open bugs)
Details
Attachments
(1 file)
We read the enrollment of issuers from the intermediates
collection in Remote Settings and we read filters from cert-revocations
. Since these are two separate operations, we can get into a state where we enroll an intermediate prior to having a filter that covers its certificates. This can lead to mislabelling, so we should defer enrolling intermediates until after we've downloaded the most recent filter.
Assignee | ||
Comment 1•3 years ago
|
||
After reviewing the options, it believe that the space savings afforded by storing enrollment in intermediates
cannot justify the risk of mislabellings. We should store the enrollment list in cert-revocations
so that updates can be processed atomically. I've updated the title of this bug.
Summary: Defer enrollment of issuers in CRLite until next filter is published → Store CRLite issuer enrollment in cert-revocations
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 2•3 years ago
|
||
Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4000eb2cd181
get CRLite enrollment list from cert-revocations. r=keeler
Comment 4•3 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox99:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 99 Branch
Updated•3 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•