Confirmed users, Administrators
5,526
edits
CA/Certificate Change Process: Difference between revisions
Jump to navigation
Jump to search
m
minor clarification
(Updated to match current process) |
m (minor clarification) |
||
| Line 81: | Line 81: | ||
#*** Subject/Issuer field values in the root certificate to be changed | #*** Subject/Issuer field values in the root certificate to be changed | ||
#*** SHA256 Fingerprint of the certificate to be changed | #*** SHA256 Fingerprint of the certificate to be changed | ||
#*** Specify if the root is to be removed, or which trust bits are to be turned off | #*** Specify the change to be made. e.g. if the root is to be removed, or which trust bits are to be turned off, or the distrust-after dates | ||
#**** Consideration: For a serious situation, it might be better to disable the trust bits of that root, rather than just remove the root. If the root is removed, it could potentially be signed by another root that is included in NSS. However, if we disable the trust bits by default, then that root could not be used again for TLS in Firefox unless a user specifically turned on the websites trust bit for it. | #**** Consideration: For a serious situation, it might be better to disable the trust bits of that root, rather than just remove the root. If the root is removed, it could potentially be signed by another root that is included in NSS. However, if we disable the trust bits by default, then that root could not be used again for TLS in Firefox unless a user specifically turned on the websites trust bit for it. | ||
#*** Reason for requesting this change | #*** Reason for requesting this change | ||