Closed
Bug 712615
Opened 13 years ago
Closed 5 years ago
Support date-based root invalidation/untrusting
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1465613
People
(Reporter: gerv, Unassigned)
Details
NSS needs a mechanism such that a certificate in the store can be labelled with "do not trust this certificate if any certificate below it in the chain was issued after date X". This would allow us to disable a root from a certain date (e.g. the date of a compromise) rather than disabling it completely. This gives us a much more surgical tool for dealing with CA compromises than "break the web by pulling the root entirely". It could be a single flag on a certificate (do not trust for any purpose); we do not need the ability to set this on a per-use-type basis (SSL, code signing, etc.). Gerv
Updated•5 years ago
|
Status: NEW → RESOLVED
Closed: 5 years ago
QA Contact: jjones
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•