User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; MS-RTC LM 8; InfoPath.1) Build Identifier: Please include SHA1 versions of the "Thawte Server CA" and "Thawte Premium Server CA". The version of the root currently in the NSS root store uses MD5. We are replacing this with a rehashed version that uses SHA1. The new SHA-1 root has the same name and public key but a different serial number. Reproducible: Always
assuming that you're a colleague of Jay Schiavo (mentioned in other requests like bug 484903 and bug 409237), I'm moving this to the correct category.
Assignee: nobody → kathleen95014
Status: UNCONFIRMED → NEW
Component: Security → CA Certificates
Ever confirmed: true
Product: Firefox → mozilla.org
QA Contact: firefox → ca-certificates
Version: unspecified → other
Both of these roots are SHA1, 1024-bit. I believe that the purpose of including these roots at this point in time would be to transition off of the equivalent MD5 roots that are currently in NSS. However, it looks like we will be disabling MD5 via an NSS environment variable, so perhaps the certs under those MD5 roots don't need to be migrated to these Sha1 roots? Also note that the root inclusion process takes about a year: https://wiki.mozilla.org/CA:How_to_apply#Timeline So these roots would likely get included after the cutoff date for CAs to stop issuing certs under 1024-bit roots.
Status: NEW → ASSIGNED
Tony, Can this bug be closed?
We are no longer adding 1024-bit roots.
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.