On 12/12/13 2:11 AM, Jan Schejbal wrote:
Roots can be removed by disabling the trust bits (i.e. a reasonably
simple change). This should be done ASAP after the relevant date -
shouldn't it have been included in the Gecko/Firefox 27 beta currently
running? Can it still be included, or is it too late for that?
Relevant bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=881553
https://bugzilla.mozilla.org/show_bug.cgi?id=936304 (non-Symantec roots)
https://bugzilla.mozilla.org/show_bug.cgi?id=936105 (Symantec roots)
To summarize the current status of 1024-bit roots, all but the
Symantec-owned roots will be either removed or have the websites and
code signing trust bits disabled in Firefox 28. Symantec owes me a
schedule for removing or turning off the websites and code signing trust
bits for the roots listed in bug #936105. Symantec is aware that this
work needs to be completed as soon as possible and within the first half
of 2014. The problem is that the root certs that Symantec acquired had
issued a lot of long-lived 1024-bit certs.
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy