Start accepting SHA-2-based hashes for OCSP response matching (CertID.hashAlgorithm)
Categories
(NSS :: Libraries, defect, P3)
Tracking
(Not tracked)
People
(Reporter: briansmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [nss-nofx])
Attachments
(1 file, 1 obsolete file)
6.97 KB,
patch
|
ryan.sleevi
:
review+
briansmith
:
superreview-
|
Details | Diff | Splinter Review |
Reporter | ||
Updated•14 years ago
|
Reporter | ||
Comment 1•11 years ago
|
||
Reporter | ||
Comment 2•11 years ago
|
||
Reporter | ||
Comment 3•11 years ago
|
||
Reporter | ||
Updated•11 years ago
|
Comment 4•11 years ago
|
||
Comment 5•11 years ago
|
||
Updated•11 years ago
|
Reporter | ||
Comment 6•11 years ago
|
||
Comment 7•11 years ago
|
||
Reporter | ||
Comment 8•11 years ago
|
||
Comment 9•2 years ago
|
||
The bug assignee didn't login in Bugzilla in the last months and this bug has priority 'P2'.
:beurdouche, could you have a look please?
For more information, please visit auto_nag documentation.
Updated•2 years ago
|
Comment 10•2 years ago
|
||
The severity field for this bug is relatively low, S3. However, the bug has 10 votes.
:beurdouche, could you consider increasing the bug severity?
For more information, please visit auto_nag documentation.
Comment 11•2 years ago
|
||
In case it is relevant to this bug:
https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#513-sha-1
July 1, 2023: CAs SHALL NOT sign SHA-1 hashes over certificates with an EKU extension containing the id-kp-ocspSigning key purpose; intermediate certificates that chain up to roots in Mozilla's program; OCSP responses; or CRLs.
Comment 12•2 years ago
|
||
The last needinfo from me was triggered in error by recent activity on the bug. I'm clearing the needinfo since this is a very old bug and I don't know if it's still relevant.
Updated•2 years ago
|
Description
•