SecurityEngineering/Certificate Verification: Difference between revisions

SecurityEngineering/Certificate Verification (view source)

Revision as of 17:14, 24 July 2014

477 bytes removed , 24 July 2014

→‎The Plan

Mmc

Confirmed users

238

edits

@@ Line 41: / Line 41: @@
 Matt Wobensmith just completed compatibility-testing of 200k HTTPS sites and found 16 with issues. These are being investigated.
-=== The Plan ===
+=== Implementation status ===
-Some work remains on mozilla::pkix. We have broken this work into two parts: prerequisites for it to be enabled by default on Nightly, and prerequisites for it to be enabled by default on Beta and then Release. There is not enough bake time left on Nightly 30, so Nightly 31 will be the first version with this on by default.
-To turn mozilla::pkix on in Nightly, we need to:
+Released in FF 31.
+Remaining bugs:
 # Add low-level OCSP unit tests: {{Bug|916629}} (:briansmith, :st3fan)
 # Test that results from the certificate database are interpreted correctly: {{Bug|966820}} (:cviecco)
 # Expand EKU (extended key usage) tests: {{Bug|970470}} (:cviecco)
-These items should be done by the end of next week.
-To turn mozilla::pkix on in Beta/Release, we need to:
 # Add backoff for OCSP requests when the responder fails: {{bug|977865}} (:keeler) [this may take a week or two]
 # Enforce consistent handling of isCA bit and certSign/crlSign key usages: {{bug|970196}} (:briansmith)
@@ Line 63: / Line 58: @@
 # Improve error handling in VerifyEncodedOCSPResponse: {{bug|977870}} (:keeler) [code written - needs review]
 # Document functions exported from the library: {{bug|968451}} (:briansmith)
-These items should be done by April 28.
 For more details, see the dependency trees for {{bug|915930}} and {{bug|976961}}, respectively.

SecurityEngineering/Certificate Verification: Difference between revisions

SecurityEngineering/Certificate Verification (view source)

Revision as of 17:14, 24 July 2014

Navigation menu

Search