CCADB entries generated 2025-08-22T17:00:39Z
Categories
(Core :: Security Block-lists, Allow-lists, and other State, enhancement)
Tracking
()
People
(Reporter: ccadb2onercl, Assigned: bwilson)
Details
Attachments
(3 files)
Adding entries to OneCRL based on revoked intermediate certificates reported in the CCADB.
|
Reporter | |
Comment 1•10 months ago
|
||
|
|
Reporter | |
Comment 2•10 months ago
|
||
|
|
Reporter | |
Comment 3•10 months ago
|
||
|
Assignee | |
Updated•10 months ago
|
|
|
Assignee | |
Comment 4•10 months ago
|
||
These are the eleven (11) CA certificates to be added to One CRL:
issuer: /C=US/O=Microsoft Corporation/CN=Microsoft TLS RSA Root G2 serial: 3300000008710ce4eaf0bcc488000000000008
issuer: /C=IN/O=eMudhra Technologies Limited/CN=emSign Root TLS CA - G3 serial: 62f09eb8da2043fdcd29f9ffd46460
issuer: /C=IN/O=eMudhra Technologies Limited/CN=emSign Root TLS CA - G1 serial: 2462d9884fbf5622339fc366b84b73
issuer: /C=US/O=Microsoft Corporation/CN=Microsoft TLS RSA Root G2 serial: 330000000674997e55d8c5020d000000000006
issuer: /C=IN/O=eMudhra Technologies Limited/CN=emSign Root TLS CA - G1 serial: 008bac52c0f3ffff3149f536e6dc215a
issuer: /C=US/O=Microsoft Corporation/CN=Microsoft TLS RSA Root G2 serial: 33000000092799cf18b020c53f000000000009
issuer: /C=IN/O=eMudhra Technologies Limited/CN=emSign Root TLS CA - G3 serial: 217b2d6d167ec0a6a9fa3e0b283311
issuer: /C=US/O=Microsoft Corporation/CN=Microsoft TLS RSA Root G2 serial: 330000000710f17e5773d03d87000000000007
issuer: /C=US/O=Microsoft Corporation/CN=Microsoft TLS RSA Root G2 serial: 33000000050717b5ee99e2f4df000000000005
issuer: /C=IN/O=eMudhra Technologies Limited/CN=emSign Root TLS CA - G1 serial: 43abb4b2e3968fb8b71fc7d2fc375f
issuer: /C=IN/O=eMudhra Technologies Limited/CN=emSign Root TLS CA - G3 serial: 15e599da4e0962cbee3926bdb98a8b
These are ready for review/approval in Kinto Staging.
|
||
Comment 5•10 months ago
|
||
Approved in stage, looks good in remote-settings-devtools.
onecrl-entry-checker output:
[16:24:10] Stage-Stage: 1711 Stage-Preview: 1711 Stage-Published: 1711 compare.py:67
[16:24:12] Prod-Stage: 1711 Prod-Preview: 1711 Prod-Published: 1700 compare.py:75
Verifying stage against preview compare.py:82
prod/security-state-staging (1711) and prod/security-state-preview (1711) are equivalent compare.py:87
prod/security-state-staging (1711) and prod/security-state-staging (1711) are equivalent compare.py:87
prod/security-state-staging (1711) and prod/security-state-preview (1711) are equivalent compare.py:87
prod/security-state-preview (1711) and prod/security-state-staging (1711) are equivalent compare.py:87
prod/security-state-preview (1711) and prod/security-state-preview (1711) are equivalent compare.py:87
prod/security-state-staging (1711) and prod/security-state-preview (1711) are equivalent compare.py:87
No changes are waiting in staging compare.py:90
There are 11 changes waiting in production. Adding: compare.py:99
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1984708', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MFYxCzAJBgNVBAYTAklOMSUwIwYDVQQKDBxlTXVkaHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMSAwHgYDVQQDDBdlbVNpZ24gUm9vdCBUTFMgQ0EgLSBHMw==',
'serialNumber': 'FeWZ2k4JYsvuOSa9uYqL'
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1984708', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MFYxCzAJBgNVBAYTAklOMSUwIwYDVQQKDBxlTXVkaHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMSAwHgYDVQQDDBdlbVNpZ24gUm9vdCBUTFMgQ0EgLSBHMQ==',
'serialNumber': 'Q6u0suOWj7i3H8fS/Ddf'
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1984708', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MFExCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xIjAgBgNVBAMTGU1pY3Jvc29mdCBUTFMgUlNBIFJvb3QgRzI=',
'serialNumber': 'MwAAAAUHF7XumeL03wAAAAAABQ=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1984708', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MFExCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xIjAgBgNVBAMTGU1pY3Jvc29mdCBUTFMgUlNBIFJvb3QgRzI=',
'serialNumber': 'MwAAAAcQ8X5Xc9A9hwAAAAAABw=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1984708', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MFYxCzAJBgNVBAYTAklOMSUwIwYDVQQKDBxlTXVkaHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMSAwHgYDVQQDDBdlbVNpZ24gUm9vdCBUTFMgQ0EgLSBHMw==',
'serialNumber': 'IXstbRZ+wKap+j4LKDMR'
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1984708', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MFExCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xIjAgBgNVBAMTGU1pY3Jvc29mdCBUTFMgUlNBIFJvb3QgRzI=',
'serialNumber': 'MwAAAAknmc8YsCDFPwAAAAAACQ=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1984708', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MFYxCzAJBgNVBAYTAklOMSUwIwYDVQQKDBxlTXVkaHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMSAwHgYDVQQDDBdlbVNpZ24gUm9vdCBUTFMgQ0EgLSBHMQ==',
'serialNumber': 'AIusUsDz//8xSfU25twhWg=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1984708', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MFExCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xIjAgBgNVBAMTGU1pY3Jvc29mdCBUTFMgUlNBIFJvb3QgRzI=',
'serialNumber': 'MwAAAAZ0mX5V2MUCDQAAAAAABg=='
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1984708', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MFYxCzAJBgNVBAYTAklOMSUwIwYDVQQKDBxlTXVkaHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMSAwHgYDVQQDDBdlbVNpZ24gUm9vdCBUTFMgQ0EgLSBHMQ==',
'serialNumber': 'JGLZiE+/ViIzn8NmuEtz'
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1984708', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MFYxCzAJBgNVBAYTAklOMSUwIwYDVQQKDBxlTXVkaHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMSAwHgYDVQQDDBdlbVNpZ24gUm9vdCBUTFMgQ0EgLSBHMw==',
'serialNumber': 'YvCeuNogQ/3NKfn/1GRg'
}
{
'details': {'bug': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1984708', 'who': '', 'why': '', 'name': '', 'created': ''},
'enabled': False,
'issuerName': 'MFExCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xIjAgBgNVBAMTGU1pY3Jvc29mdCBUTFMgUlNBIFJvb3QgRzI=',
'serialNumber': 'MwAAAAhxDOTq8LzEiAAAAAAACA=='
}
[16:24:13] Staging is updated, and production changes are waiting, so Firefox can use compare.py:110
Remote Settings DevTools (https://github.com/mozilla-extensions/remote-settings-devtools)
and cert-storage-inspector (https://github.com/mozkeeler/cert-storage-inspector) to test
OneCRL.
|
|
Reporter | |
Comment 6•10 months ago
|
||
Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=1984708
|
|
Assignee | |
Comment 7•10 months ago
|
||
I've compared the information in staging in Comment #5 with the additions to OneCRL proposed by this bug in Comment #2, and we should proceed with moving forward with them in Prod.
|
|
Reporter | |
Comment 8•10 months ago
|
||
Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=1984708
|
|
Reporter | |
Comment 9•10 months ago
|
||
Changes are still in review. The following bugs appear to require resolution.
https://bugzilla.mozilla.org/show_bug.cgi?id=1984708
|
||
Comment 11•10 months ago
|
||
These additions to OneCRL appear in my profile, on crt.sh, and elsewhere.
Description
•