m (minor updates) |
m (minor updates) |
||
| Line 123: | Line 123: | ||
# Test | # Test | ||
#* Manual testing: Need at least one of the bad leaf certs to make sure the distrust worked. | #* Manual testing: Need at least one of the bad leaf certs to make sure the distrust worked. | ||
#* Add test to cert.sh for the ongoing test of the Active Distrust. At minimum, need the intermediate cert for this test. Preferable to also have a leaf cert, which may have been provided when the compromised cert was reported; otherwise would need to request from the CA. | #* Add test to cert.sh (NSS test file) for the ongoing test of the Active Distrust. At minimum, need the intermediate cert for this test. Preferable to also have a leaf cert, which may have been provided when the compromised cert was reported; otherwise would need to request from the CA. | ||
# Release | # Release | ||
#* NSS security update, or new version of NSS roots module can be released independently. | #* NSS security update, or new version of NSS roots module can be released independently. | ||
#* Depending on the timing and the urgency of the patch, the update may be done either as part of regularly scheduled [https://wiki.mozilla.org/Releases Mozilla releases,] or as a chemspill update (an off-schedule release that addresses live security vulnerabilities). Some Linux users of Firefox use their OS version of NSS, so they would have to make sure that they pick up the new version of NSS. | #* Depending on the timing and the urgency of the patch, the update may be done either as part of regularly scheduled [https://wiki.mozilla.org/Releases Mozilla releases,] or as a chemspill update (an off-schedule release that addresses live security vulnerabilities). Some Linux users of Firefox use their OS version of NSS, so they would have to make sure that they pick up the [https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases new version of NSS]. | ||
# Communication / Announcements | # Communication / Announcements | ||
#* Announcement in mozilla.dev.security.policy | #* Announcement in [https://www.mozilla.org/en-US/about/forums/#dev-security-policy mozilla.dev.security.policy] | ||
#* If the Active Distrust is the result of a security incident, then the Mozilla Security Group will assign a [http://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures CVE (security incident number)] and reference the new version of NSS or root module. | #* If the Active Distrust is the result of a security incident, then the Mozilla Security Group will assign a [http://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures CVE (security incident number)] and reference the new version of NSS or root module. | ||
#* May send an email communication to all CAs, depending on situation. | #* May send an email communication to all CAs, depending on situation. | ||
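Review bot: In the Test step, "cert.sh (NSS test file)" still does not tell a reader where the script lives; a link to the file, or its location in the NSS tree, would serve better than the parenthetical. In the Release step, the link label "Mozilla releases," keeps its trailing comma inside the brackets, so the comma renders as part of the link; move it outside. In the Communication step, the CVE link is left on http:// while every link added in this revision uses https://, so it is worth switching in the same pass.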