Closed
Bug 290498
Opened 19 years ago
Closed 19 years ago
Add recently approved root CA certs to NSS_3_9_BRANCH
Categories
(NSS :: Libraries, enhancement, P1)
Tracking
(Not tracked)
RESOLVED
WONTFIX
3.9.6
People
(Reporter: wtc, Assigned: wtc)
Details
Attachments
(2 files, 3 obsolete files)
64.69 KB,
patch
|
Details | Diff | Splinter Review | |
376 bytes,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
We need to add recently approved root CA certs to the NSS_3_9_BRANCH for the Mozilla 1.7.x and Aviary (Firefox/Thunderbird) 1.0.x series products. The cutoff date for the certs that will be added in this enhancement request is today, 2005-04-15.
Assignee | ||
Comment 1•19 years ago
|
||
Assignee | ||
Comment 2•19 years ago
|
||
The patch is not human readable, so I'm asking you to review the list of new roots and their trust bits instead.
Attachment #180818 -
Flags: superreview?(hecker)
Attachment #180818 -
Flags: review?(nelson)
Assignee | ||
Comment 3•19 years ago
|
||
Comment on attachment 180817 [details] [diff] [review] Proposed patch Some comments on the patch. The changes to certdata.c (a generated file) are omitted for brevity. We don't need to bump the nssckbi module version because I just bumped it earlier this week for some other root CA change.
Assignee | ||
Comment 4•19 years ago
|
||
Comment on attachment 180817 [details] [diff] [review] Proposed patch I checked in this patch on the NSS_3_9_BRANCH (NSS 3.9.6, nssckbi 1.43). Checking in certdata.c; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.c,v <-- certdata.c new revision: 1.27.16.4; previous revision: 1.27.16.3 done Checking in certdata.txt; /cvsroot/mozilla/security/nss/lib/ckfw/builtins/certdata.txt,v <-- certdata.tx t new revision: 1.28.16.4; previous revision: 1.28.16.3 done
Comment 5•19 years ago
|
||
Comment on attachment 180818 [details] List of new roots and their trust bits >Camerfirma Chambers of Commerce Root C,C,C >Camerfirma Global Chambersign C,C,C >NetLock Notary (Class A) Root C,C,C >NetLock Business (Class B) Root C,C,C >NetLock Express (Class C) Root C,C,C >XRamp Global CA Root C,C,C >Go Daddy Class 2 CA C,C,C >Certificate "Starfield Class 2 CA C,C,C This last nickname seems badly formatted. I don't think it should contain the word Certificate nor the unmatched quote character.
Attachment #180818 -
Flags: review?(nelson)
Assignee | ||
Comment 6•19 years ago
|
||
That was an editing error. Sorry. It has been corrected in this list.
Attachment #180818 -
Attachment is obsolete: true
Attachment #180820 -
Flags: superreview?(hecker)
Attachment #180820 -
Flags: review?(nelson)
Assignee | ||
Updated•19 years ago
|
Attachment #180818 -
Flags: superreview?(hecker)
Assignee | ||
Comment 7•19 years ago
|
||
Comment on attachment 180820 [details]
List of new roots and their trust bits
Hmm, looking at this list closer, I think we should
add "Root" to the nickname for Global Chambersign:
Camerfirma Global Chambersign C,C,C
Agreed?
Comment 8•19 years ago
|
||
Yes, I think all these nicknames want to have the word Root in them. Is the name "Go Daddy" or "GoDaddy"? Is it two words? or one?
Assignee | ||
Comment 9•19 years ago
|
||
Added "Root" to the nickname for the "Global Chambersign" root.
Attachment #180817 -
Attachment is obsolete: true
Assignee | ||
Comment 10•19 years ago
|
||
Attachment #180820 -
Attachment is obsolete: true
Attachment #180849 -
Flags: superreview?(hecker)
Attachment #180849 -
Flags: review?(nelson)
Assignee | ||
Updated•19 years ago
|
Attachment #180820 -
Flags: superreview?(hecker)
Attachment #180820 -
Flags: review?(nelson)
Assignee | ||
Comment 11•19 years ago
|
||
Nelson, The "Go Daddy" name is two words. I added "Root" to the nickname for the "Global Chambersign" root but left the "Go Daddy" and "Starfield" roots' nicknames alone because many other roots' nicknames also use "CA" instead of "Root". We are not consistent.
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → 3.9.6
Comment 12•19 years ago
|
||
Nicknames and trust bits look OK to me. sr=hecker (or whatever the convention is -- no one ever asks me to superreview anything :-)
Comment 13•19 years ago
|
||
With this patch, will there be any discrepancies between 3.10 nicknames and 3.9.6 nicknames? If not, then r=nelson In reply to comment 11, indeed I see NSS is quite inconsistent about nicknames. We have 20-30 in each of these categories: - use Root but not CA, - use CA but not Root - use both Root and CA - use neither
Assignee | ||
Comment 14•19 years ago
|
||
There won't be any discrepancies between 3.10 nicknames and 3.9.6 nicknames.
Assignee | ||
Comment 15•19 years ago
|
||
Comment on attachment 180849 [details] [diff] [review] List of new roots and their trust bits, v1.1 Requesting Mozilla 1.7.8 and Aviary 1.0.4 approvals. This patch adds root CA certificates that Frank Hecker recently approved to the NSS_3_9_BRANCH and is suitable for MOZILLA_1_7_BRANCH and AVIARY_1_0_1_20050124_BRANCH. The patch itself is not human readable because it's binary data. So I asked Nelson Bolyard and Frank Hecker to review the most important data in the patch. They indicated their r+ and sr+ in comment 13 and comment 12 but forgot to set the flags.
Attachment #180849 -
Flags: approval1.7.8?
Attachment #180849 -
Flags: approval-aviary1.0.4?
Updated•19 years ago
|
Attachment #180849 -
Flags: review?(nelson) → review+
Updated•19 years ago
|
QA Contact: bishakhabanerjee → jason.m.reid
Updated•19 years ago
|
Attachment #180849 -
Flags: approval1.7.8? → approval1.7.9?
Comment 16•19 years ago
|
||
Comment on attachment 180849 [details] [diff] [review] List of new roots and their trust bits, v1.1 1.0.5 and 1.7.8 have already shipped; removing approval requests.
Attachment #180849 -
Flags: approval1.7.9?
Attachment #180849 -
Flags: approval-aviary1.0.5?
Assignee | ||
Comment 17•19 years ago
|
||
I asked for drivers' approval several times but the drivers are only taking security fixes on the Aviary 1.0.x and Mozilla 1.7 branches. I gave up. Marked the bug WONTFIX. Sorry, Frank.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → WONTFIX
Assignee | ||
Updated•17 years ago
|
Attachment #180849 -
Flags: superreview?(hecker)
You need to log in
before you can comment on or make changes to this bug.
Description
•