CA/Maintenance and Enforcement: Difference between revisions

Jump to navigation Jump to search

CA/Maintenance and Enforcement (view source)

Revision as of 20:21, 24 September 2018

183 bytes removed ,  24 September 2018
→‎Concerns: Delete 'failed to update NSS' scenario
(→‎Concerns: Update scenarios with new info)
(→‎Concerns: Delete 'failed to update NSS' scenario)
Line 150: Line 150:
** Possible Solutions: Implement date-based distrust {{Bug|712615}}, a whitelist of certs to remain trusted {{Bug|1151512}}, or make an announcement that the root will be distrusted on such a date, allowing a small transition time for websites to update their SSL certs before before the Firefox chemspill update is released.
** Possible Solutions: Implement date-based distrust {{Bug|712615}}, a whitelist of certs to remain trusted {{Bug|1151512}}, or make an announcement that the root will be distrusted on such a date, allowing a small transition time for websites to update their SSL certs before before the Firefox chemspill update is released.
* Distrusting a certificate requires a release to the NSS root module, and users have to choose to upgrade to the new version. Firefox users are protected from distrusted certificates that are added to [https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ OneCRL].
* Distrusting a certificate requires a release to the NSS root module, and users have to choose to upgrade to the new version. Firefox users are protected from distrusted certificates that are added to [https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ OneCRL].
** Possible Scenario: A user decides not to update their version of NSS, so they continue to trust the certificate in their application.
** Possible Solutions: OneCRL {{Bug|1130757}}
Wthayer
136

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1201490"

Navigation menu