Confirmed users
299
edits
SecurityEngineering/Removing Compatibility Workarounds in mozilla::pkix: Difference between revisions
Jump to navigation
Jump to search
SecurityEngineering/Removing Compatibility Workarounds in mozilla::pkix (view source)
Revision as of 18:30, 6 November 2015
, 6 November 2015remove draft status
(update date) |
(remove draft status) |
||
| Line 1: | Line 1: | ||
In the process of implementing mozilla::pkix, a number of compatibility issues were encountered involving certificates that did not conform to the Baseline Requirements. To maintain interoperability, some workarounds were added to allow these malformed or improper certificates to validate successfully. However, to improve the state of the web PKI, these workarounds will be removed. As of Firefox 49, if a certificate has a notBefore time after 0:00 23 August 2016 and is affected by any of these workarounds (see below), it will not validate successfully. This document will track the implementation work necessary to remove those workarounds. | In the process of implementing mozilla::pkix, a number of compatibility issues were encountered involving certificates that did not conform to the Baseline Requirements. To maintain interoperability, some workarounds were added to allow these malformed or improper certificates to validate successfully. However, to improve the state of the web PKI, these workarounds will be removed. As of Firefox 49, if a certificate has a notBefore time after 0:00 23 August 2016 and is affected by any of these workarounds (see below), it will not validate successfully. This document will track the implementation work necessary to remove those workarounds. | ||