Confirm, administrator
5,526
edits
Changes
m
minor updates
# Test
#* Manual testing: Need at least one of the bad leaf certs to make sure the distrust worked.
#* Add test to cert.sh (NSS test file) for the ongoing test of the Active Distrust. At minimum, need the intermediate cert for this test. Preferable to also have a leaf cert, which may have been provided when the compromised cert was reported; otherwise would need to request from the CA.
# Release
#* NSS security update, or new version of NSS roots module can be released independently.
#* Depending on the timing and the urgency of the patch, the update may be done either as part of regularly scheduled [https://wiki.mozilla.org/Releases Mozilla releases,] or as a chemspill update (an off-schedule release that addresses live security vulnerabilities). Some Linux users of Firefox use their OS version of NSS, so they would have to make sure that they pick up the [https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases new version of NSS].
# Communication / Announcements
#* Announcement in [https://www.mozilla.org/en-US/about/forums/#dev-security-policy mozilla.dev.security.policy]
#* If the Active Distrust is the result of a security incident, then the Mozilla Security Group will assign a [http://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures CVE (security incident number)] and reference the new version of NSS or root module.
#* May send an email communication to all CAs, depending on situation.
