CCADB entries generated 2023-09-20T18:04:55Z
Categories
(Core :: Security Block-lists, Allow-lists, and other State, enhancement)
Tracking
()
People
(Reporter: ccadb2onercl, Unassigned)
Details
Attachments
(3 files)
Adding entries to OneCRL based on revoked intermediate certificates reported in the CCADB.
Reporter | ||
Comment 1•9 months ago
|
||
Reporter | ||
Comment 2•9 months ago
|
||
Reporter | ||
Comment 3•9 months ago
|
||
Comment 4•9 months ago
|
||
These are the correct entries to add to OneCRL.
We do not need to run TLS Canary on this batch of changes.
Dana, Please:
Approve at Kinto Staging.
Use remote-settings-devtools in a development profile to confirm the OneCRL data in Staging Nightly is as intended. (It may take a while for the changes to show up.)
Run the onecrl-entry-checker tool and attach the output to this bug.
Thanks,
Ben
Reporter | ||
Comment 5•8 months ago
|
||
Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=1854222
Comment 6•8 months ago
|
||
Approved on staging.
[14:36:44] Stage-Stage: 1579 Stage-Preview: 1579 Stage-Published: 1579 compare.py:67
[14:36:46] Prod-Stage: 1579 Prod-Preview: 1579 Prod-Published: 1562 compare.py:75
Verifying stage against preview compare.py:82
prod/security-state-staging (1579) and prod/security-state-preview (1579) are equivalent compare.py:87
prod/security-state-staging (1579) and prod/security-state-staging (1579) are equivalent compare.py:87
prod/security-state-staging (1579) and prod/security-state-preview (1579) are equivalent compare.py:87
prod/security-state-preview (1579) and prod/security-state-staging (1579) are equivalent compare.py:87
prod/security-state-preview (1579) and prod/security-state-preview (1579) are equivalent compare.py:87
prod/security-state-staging (1579) and prod/security-state-preview (1579) are equivalent compare.py:87
No changes are waiting in staging compare.py:90
There are 17 changes waiting in production. Adding: compare.py:99
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MEUxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzI=',
'serialNumber': 'AIEIODzAB3XEDG1za+Mwiw=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
'serialNumber': 'AJBuE8344SrHVZEVqVicPc0='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
'serialNumber': 'ZVQgp61GpFI5YQ4bRYdLwQ=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
'serialNumber': 'JGSVSBLLB3o3k9sPvSI4mw=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
'serialNumber': 'WAE9mhEYoCYAhMiVAzSf2w=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
'serialNumber': 'IyygpSElAUZRSSMeuADPTQ=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MFQxCzAJBgNVBAYTAkNOMSYwJAYDVQQKDB1CRUlKSU5HIENFUlRJRklDQVRFIEFVVEhPUklUWTEdMBsGA1UEAwwUQkpDQSBHbG9iYWwgUm9vdCBDQTI=',
'serialNumber': 'TpwBfSjFJUcBb/KpgVpdYQ=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
'serialNumber': 'AIyKF6j474AWe01PLn9A6I8='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
'serialNumber': 'Bw1L/czFd0GTl4v2bxUqqw=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MEUxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzI=',
'serialNumber': 'APodqurJs6X6V5gLmXTaMQ=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==',
'serialNumber': 'AO9kCADxUMyMns2lqg7Meks='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjg=',
'serialNumber': 'JvosL2pTlZtYGv5T23DhhQ=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MEcxCzAJBgNVBAYTAlVTMSIwIAYDVQQKExlHb29nbGUgVHJ1c3QgU2VydmljZXMgTExDMRQwEgYDVQQDEwtHVFMgUm9vdCBSMg==',
'serialNumber': 'AhnBWsAlobClwdnVAQ=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MEcxCzAJBgNVBAYTAlVTMSIwIAYDVQQKExlHb29nbGUgVHJ1c3QgU2VydmljZXMgTExDMRQwEgYDVQQDEwtHVFMgUm9vdCBSMw==',
'serialNumber': 'AhZo2NZbxDIOW45edg=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0E=',
'serialNumber': 'QAE0sQ0AAAAAAAAMzpf7sg=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MEcxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxITAfBgNVBAMTGFN3aXNzU2lnbiBTaWx2ZXIgQ0EgLSBHMg==',
'serialNumber': 'a8MYySrNF2PrQchvr0f3'
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1854222', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MFAxJDAiBgNVBAsTG0dsb2JhbFNpZ24gRUNDIFJvb3QgQ0EgLSBSNDETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbg==',
'serialNumber': 'AhZo8c0KKo+EfYqtNA=='
}
[14:36:47] Staging is updated, and production changes are waiting, so Firefox can use compare.py:110
Remote Settings DevTools (https://github.com/mozilla-extensions/remote-settings-devtools)
and cert-storage-inspector (https://github.com/mozkeeler/cert-storage-inspector) to test
OneCRL.
Reporter | ||
Comment 7•8 months ago
|
||
Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=1854222
Comment 8•8 months ago
|
||
I have compared the output in Comment #6 with the attachment "The additions to OneCRL proposed by this bug" and they are consistent. Please proceed with approving the changes in Kinto Production.
Updated•8 months ago
|
Reporter | ||
Comment 9•8 months ago
|
||
Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=1854222
Reporter | ||
Comment 10•8 months ago
|
||
Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=1854222
Comment 12•8 months ago
|
||
I verified that these changes are in my Firefox Nightly and Release profiles.
Description
•