1761053 - CCADB entries generated 2022-03-23T17:00:50Z

Status: RESOLVED FIXED

(Core :: Security Block-lists, Allow-lists, and other State, enhancement)

Description

[Common CA Database to OneCRL Bot]

Adding entries to OneCRL based on revoked intermediate certificates reported in the CCADB.

Comment 1

[Common CA Database to OneCRL Bot]

Attachment: Line delimited issuer/serial pairs

Comment 2

[Common CA Database to OneCRL Bot]

Attachment: The additions to OneCRL proposed by this bug.

Comment 3

[Common CA Database to OneCRL Bot]

Attachment: Entries with their names decoded to plain text and hexadecimal serials/hashes.

Comment 4

[Kathleen Wilson]

These are the correct entries to add to OneCRL.
We do not need to run TLS Canary on this batch of changes.

Dana, Please proceed with approval at Kinto Staging.

Comment 5

[Dana Keeler (she/her) (use needinfo) [:keeler]]

Approved at staging.

[17:11:11] Stage-Stage: 1452 Stage-Preview: 1452 Stage-Published: 1452                                                                                                                         compare.py:67
[17:11:12] Prod-Stage: 1452 Prod-Preview: 1452 Prod-Published: 1437                                                                                                                            compare.py:75
           Verifying stage against preview                                                                                                                                                     compare.py:82
           stage/security-state-staging (1452) and stage/security-state-preview (1452) are equivalent                                                                                          compare.py:87
           stage/security-state-staging (1452) and prod/security-state-staging (1452) are equivalent                                                                                           compare.py:87
           stage/security-state-staging (1452) and prod/security-state-preview (1452) are equivalent                                                                                           compare.py:87
           stage/security-state-preview (1452) and prod/security-state-staging (1452) are equivalent                                                                                           compare.py:87
           stage/security-state-preview (1452) and prod/security-state-preview (1452) are equivalent                                                                                           compare.py:87
[17:11:13] prod/security-state-staging (1452) and prod/security-state-preview (1452) are equivalent                                                                                            compare.py:87
           No changes are waiting in staging                                                                                                                                                   compare.py:90
           There are 15 changes waiting in production. Adding:                                                                                                                                 compare.py:99
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1761053', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvb
mx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMg==',
    'serialNumber': 'MlFBKQ8jIyZrnSHB976ldQ=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1761053', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvb
mx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMg==',
    'serialNumber': 'HWoKeJCECRm+uJ7rxJqiiA=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1761053', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGIxCzAJBgNVBAYTAkNOMTIwMAYDVQQKDClHVUFORyBET05HIENFUlRJRklDQVRFIEFVVEhPUklUWSBDTy4sTFRELjEfMB0GA1UEAwwWR0RDQSBUcnVzdEFVVEggUjUgUk9PVA==',
    'serialNumber': 'Y1SwpvX/WSo='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1761053', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MFAxJDAiBgNVBAsTG0dsb2JhbFNpZ24gRUNDIFJvb3QgQ0EgLSBSNTETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbg==',
    'serialNumber': 'eAMapQq7bryFyqrojWQvYA=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1761053', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGIxCzAJBgNVBAYTAkNOMTIwMAYDVQQKDClHVUFORyBET05HIENFUlRJRklDQVRFIEFVVEhPUklUWSBDTy4sTFRELjEfMB0GA1UEAwwWR0RDQSBUcnVzdEFVVEggUjUgUk9PVA==',
    'serialNumber': 'Jofc/+DvJno='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1761053', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGIxCzAJBgNVBAYTAkNOMTIwMAYDVQQKDClHVUFORyBET05HIENFUlRJRklDQVRFIEFVVEhPUklUWSBDTy4sTFRELjEfMB0GA1UEAwwWR0RDQSBUcnVzdEFVVEggUjUgUk9PVA==',
    'serialNumber': 'Ib1iJz+4Aag='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1761053', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3QgRTQ2',
    'serialNumber': 'eEqpJ4UK3c1w4qeeJgI8xg=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1761053', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3QgRTQ2',
    'serialNumber': 'eAMYKYIz6v1CqTryiwPINw=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1761053', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvb
mx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMg==',
    'serialNumber': '7IommwnrTp0AAAAAUdOUIw=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1761053', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGCMQswCQYDVQQGEwJERTErMCkGA1UECgwiVC1TeXN0ZW1zIEVudGVycHJpc2UgU2VydmljZXMgR21iSDEfMB0GA1UECwwWVC1TeXN0ZW1zIFRydXN0IENlbnRlcjElMCMGA1UEAwwcVC1UZWxlU2VjIEdsb2JhbFJvb3QgQ2xhc3MgMg==',
    'serialNumber': 'AvpjwbwFBQphBhtsnYT+lw=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1761053', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGMxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIgTmVkZXJsYW5kZW4xNDAyBgNVBAMMK1N0YWF0IGRlciBOZWRlcmxhbmRlbiBEb21laW4gU2VydmVyIENBIDIwMjA=',
    'serialNumber': 'E6jLybNc4Vs6mOwPv4ezOA4Gtq8='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1761053', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MGIxCzAJBgNVBAYTAkNOMTIwMAYDVQQKDClHVUFORyBET05HIENFUlRJRklDQVRFIEFVVEhPUklUWSBDTy4sTFRELjEfMB0GA1UEAwwWR0RDQSBUcnVzdEFVVEggUjUgUk9PVA==',
    'serialNumber': 'F7Ot0kCjuSA='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1761053', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu',
    'serialNumber': 'evszTxhTzfGyltzw89K2fA=='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1761053', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGlMQswCQYDVQQGEwJFUzFDMEEGA1UEBww6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTEbMBkGA1UECgwSQUMgQ2FtZXJmaXJtYSBTLkEuMRIwEAYDVQQFEwlBODI3NDMyODcxIDAeB
gNVBAMMF0dMT0JBTCBDT1JQT1JBVEUgU0VSVkVS',
    'serialNumber': 'B9mxhOTwQxA='
}
{
    'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1761053', 'who': '', 'why': '', 'name': '', 'created': ''},
    'enabled': False,
    'issuerName': 'MIGlMQswCQYDVQQGEwJFUzFDMEEGA1UEBww6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTEbMBkGA1UECgwSQUMgQ2FtZXJmaXJtYSBTLkEuMRIwEAYDVQQFEwlBODI3NDMyODcxIDAeB
gNVBAMMF0dMT0JBTCBDT1JQT1JBVEUgU0VSVkVS',
    'serialNumber': 'cvJ358Jb7tncxn4='
}
           Staging is updated, and production changes are waiting, so Firefox can use                                                                                                         compare.py:110
           Remote Settings DevTools (https://github.com/mozilla-extensions/remote-settings-devtools)                                                                                                        
           and cert-storage-inspector (https://github.com/mozkeeler/cert-storage-inspector) to test                                                                                                         
           OneCRL.

Comment 6

[Kathleen Wilson]

Looks correct to me.
Please proceed with approving at Kinto Production after you have verified that the changes in Staging Nightly look correct (remote-settings-devtools).
Thanks!

Comment 7

[Common CA Database to OneCRL Bot]

Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=1761053

Comment 8

[Dana Keeler (she/her) (use needinfo) [:keeler]]

Changes look as expected. Approved in prod.

Comment 9

[Kathleen Wilson]

Thanks!