CA:MaintenanceAndEnforcement: Difference between revisions

Jump to navigation Jump to search

CA:MaintenanceAndEnforcement (view source)

Revision as of 19:25, 7 January 2013

100 bytes added ,  7 January 2013
m
→‎Concerns
Line 137: Line 137:


* Certs that have been mistakenly issued with weak RSA keys or insufficient key usage can be used maliciously until we implement {{Bug|360126}} and {{Bug|725351}}.
* Certs that have been mistakenly issued with weak RSA keys or insufficient key usage can be used maliciously until we implement {{Bug|360126}} and {{Bug|725351}}.
* The code patch to distrust a cert should only disclose the necessary information; {{Bug|826640}}.
* If the certificate to be distrusted is cross-signed by another certificate in NSS, then the Serial Number and Issuer for that certificate chain also has to be distrusted. This is error-prone, even if we ask every CA in Mozilla's program if they have cross-signed with the certificate to be distrusted.
* If the certificate to be distrusted is cross-signed by another certificate in NSS, then the Serial Number and Issuer for that certificate chain also has to be distrusted. This is error-prone, even if we ask every CA in Mozilla's program if they have cross-signed with the certificate to be distrusted.
** Possible Scenario: A cross-signing relationship is overlooked, so the malicious certificate continues to be trusted even after the security update.
** Possible Scenario: A cross-signing relationship is overlooked, so the malicious certificate continues to be trusted even after the security update.
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/496919"

Navigation menu