|
|
| Line 54: |
Line 54: |
| == [mailto:bsmith@mozilla.com Brian Smith] == | | == [mailto:bsmith@mozilla.com Brian Smith] == |
|
| |
|
| Sooner:
| | Last Week: |
|
| |
|
| # {{bug|674148}} - De-serialize certificate chain validations. The patch for {{bug|674147}} does this.
| | * Out of town |
| # Import NSS 3.13.2 pre-release into mozilla-central
| |
| # Help Steve Workman with {{bug|354493}} if needed.
| |
| # {{bug|660749}} - PSM doesn't revalidate certificates of resources from the cache.
| |
| # {{bug|640625}} - PKCS#12 does not iterate hashing - patch needs to be checked in
| |
| # {{bug|682244}} and {{bug|676829}}
| |
| # {{bug|590364}} and {{bug|650355}} - Stop accepting MD5 as a hash algorithm
| |
|
| |
|
| Later:
| | This Week and Next Week: |
| # Import NSS 3.13.2 final release into mozilla-central
| | |
| # Bug {{nbug|624514}} - PSM accesses pref service off the main thread - have patch, need to test. | | # Drive patch review queue to zero |
| # {{nbug|664542}} - hidden | | # TLS 1.1 |
| # {{nbug|508633}} - Unresponsive OCSP server should not be treated as revocation
| | # Check in checkin-needed patches for NSS |
| # Test PSM using libpkix vs current cert chain building using SSLLabs and/or EFF SSL Observatory data sets.
| | # Prototyping certificate whitelisting mechanism |
| # Fix bug {{nbug|650307}} - Certificate chain is verified twice for EV certificates | | # Work on libpkix enabled by default (bug 651246) |
| # Fix bug {{nbug|481656}} - Change cert viewer to validate/build cert chains the same way they are used for trust decisions
| |
| # Fix bug {{nbug|650296}} - PSM may report a different certificate error than what was originally encountered | |
| # Any libpkix fixes identified during libpkix testing. | |
| # Fix bug {{nbug|651246}} - Make libpkix-based certificate path building/validation the default in PSM.
| |
| # Review rrelyea's patches for bug {{nbug|470994}} (and related bugs) - Complete active distrust in NSS
| |
| # TLS compression (Google already wrote patches, but they may require some cleanup and we need to enable the feature in PSM.)
| |
| # Patches to NSS needed to support NSS/PSM startup time improvements (bug {{nbug|648407}}, bug {{nbug|648435}}, bug {{nbug|648431}})
| |
| # PSM startup time improvements (bug {{nbug|648407}}, bug {{nbug|648435}}, bug {{nbug|648431}})
| |
| # Drive decision on acceptable cert validation staleness (no bug, related to bug {{nbug|643916}}, will try to pass off to Gervase)
| |
| # Implement subscription-based blocklisting of certs via update ping (Bug {{nbug|647868}}, bug {{nbug|643982}}) - Needs libpkix
| |
| # Remove support for weak crypto (https://www.wsjsafehouse.com/)
| |
| # OCSP stapling
| |
|
| |
|
| == [mailto:hbambas@mozilla.com Honza Bambas] == | | == [mailto:hbambas@mozilla.com Honza Bambas] == |