Closed Bug 757240 Opened 8 years ago Closed 7 years ago

May 2012 batch of changes to the EV-activation list

Categories

(Core :: Security: PSM, defect)

10 Branch
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla19

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

Attachments

(2 files)

This bug proposes to use a single batch for all the currently pending and requested changes to the list of certificates enabled for EV, as seen in the dependency list.
Depends on: 757242
Attached patch Patch v1Splinter Review
Assignee: nobody → kaie
The link in comment 2 will go away after a couple of days.
A backup download locaiton is http://kuix.de/mozilla/tryserver-roots-20120521/
In case you're surprised about this change:

// CN=Buypass Class 3 CA 1,O=Buypass AS-983163327,C=NO
     "2.16.578.1.26.1.3.3",
-    "Buypass Class 3 CA 1",
+    "Buypass EV OID",


This string is an identifier string for the OID.
It must be identical for all entries with the same OID.
And the old string didn't make sense as a generic OID string for multiple roots.
Assignee: kaie → kwilson
Assignee: kwilson → honzab.moz
Comment on attachment 625785 [details] [diff] [review]
Patch v1

This should had been done in May, we missed it.

Asking for review.
Attachment #625785 - Flags: review?(bsmith)
Given that all versions from FF 15 contain the required roots in NSS, you could consider to target beta.
What needs to be done to get this change in?

I looked at the attached patch, and it has the correct changes, which are as follows:

Bug #751960 – StartCom
Change existing EV OID to 1.3.6.1.4.1.23223.1.1.1
Add
Friendly name: StartCom Certification Authority
SHA1 Fingerprint: A3:F1:33:3F:E2:42:BF:CF:C5:D1:4E:8F:39:42:98:40:68:10:D1:A0
EV Policy OID: 1.3.6.1.4.1.23223.1.1.1  
Add
Friendly name: StartCom Certification Authority G2
SHA1 Fingerprint: 31:F1:FD:68:22:63:20:EE:C6:3B:3F:9D:EA:4A:3E:53:7C:7C:39:17
EV Policy OID: 1.3.6.1.4.1.23223.1.1.1

Bug #752106 – Buypass
Add
Friendly name: Buypass Class 3 Root CA
SHA1 Fingerprint: DA:FA:F7:FA:66:84:EC:06:8F:14:50:BD:C7:C2:81:A5:BC:A9:64:57
EV policy OID: 2.16.578.1.26.1.3.3
Anyone of the PSM module peers must mark the patch as r+
Comment on attachment 625785 [details] [diff] [review]
Patch v1

Review of attachment 625785 [details] [diff] [review]:
-----------------------------------------------------------------

I suggest that we let kwilson r+ all the EV bit setting and root inclusion requests in the future.
Attachment #625785 - Flags: review?(bsmith) → review+
Assignee: honzab.moz → kaie
Target Milestone: --- → mozilla19
https://hg.mozilla.org/mozilla-central/rev/49138b4f5fc9
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: in-testsuite-
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.