Closed Bug 605187 Opened 14 years ago Closed 13 years ago

Remove AOL Time Warner root certs

Categories

(CA Program :: CA Certificate Root Program, task)

Product:
CA Program
Component:
CA Certificate Root Program
Platform:
x86
macOS
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: kathleen.a.wilson, Assigned: kathleen.a.wilson)

References

Details

(Whiteboard: NSS 3.12.10, Firefox 6.0) 

AOL has requested that the following two roots be removed from Mozilla's CA root store, because they are obsolete and not in use. Removing these roots will not have any impact to Mozilla users, because there are no current end-entity certs chaining up to either of these roots.

The roots to be removed are as follows.

CN = AOL Time Warner Root Certification Authority 1
OU = America Online Inc.
O = AOL Time Warner Inc.
SHA1 Fingerpint: 74:54:53:5C:24:A3:A7:58:20:7E:3E:3E:D3:24:F8:16:FB:21:16:49

CN = AOL Time Warner Root Certification Authority 2
OU = America Online Inc.
O = AOL Time Warner Inc.
SHA1 Fingerprint: FC:21:9A:76:11:2F:76:C1:C5:08:83:3C:9A:2F:A2:BA:84:AC:08:7A


This begins the root removal process as described here:
https://wiki.mozilla.org/CA:Root_Change_Process#Remove_a_Root
Status: NEW → ASSIGNED
I have received email from the representative of AOL, confirming that these are the two root certificates that should be removed.
In response to the initial request, I already turned off all trust bits for the two certificates.  According to "How Mozilla Products Respond to User Changes of Root Certificates" at <https://wiki.mozilla.org/CA:UserCertDB#How_Mozilla_Products_Respond_to_User_Changes_of_Root_Certificates>, this means the two certificates also reside in a separate database in my profile.  Thus, when this bug report is implemented, I will still have those certificates.  

At the mozilla.dev.security.policy newsgroup, I have requested -- more than once -- information on what file(s) I should delete from my profile in order to eliminate changes I made to NSS certificates.  I have received no replies to my messages.  Without that information, I will not receive the result of implementing this removal or the implementation of bug #617664.
I have added a section called "How To Restore Default Root Certificate Settings" to https://wiki.mozilla.org/CA:UserCertDB 

Separate note: Bug #622719 was filed for the actual changes in NSS to remove these roots.
Depends on: 622719
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Whiteboard: NSS 3.12.10, Firefox 6.0
Product: mozilla.org → NSS
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.