Updating CCADB PEM extracted data June 18-22

Mon, 18 Jun 2018 11:01:16 -0700 

All,
We will begin the CCADB migration to the new PEM-extraction tool today, and expect to be done by Friday. It will take a couple days to make all the changes, re-run the PEM-extraction over all of the data, update reports, etc. 


The CCADB and reports will continue to be available during the 
migration, but there may be momentary inconsistencies in the 
PEM-extracted data and fields. Note that these are read-only fields in 
the CCADB.



The most noticeable changes will be:

1) Certificate Serial Number
New value is upper case. (e.g. old: 35def4cf, new: 35DEF4CF)

2) SHA-1 Fingerprint and SHA-256 Fingerprint
Removing the colons.

OLD: 
08:29:7A:40:47:DB:A2:36:80:C7:31:DB:6E:31:76:53:CA:78:48:E1:BE:BD:3A:0B:01:79:A7:07:F9:2C:F1:78

NEW: 08297A4047DBA23680C731DB6E317653CA7848E1BEBD3A0B0179A707F92CF178


3) "Certificate ID" field will be replaced by a new "Subject + SPKI 
SHA256" field, and a new "SPKI SHA256" field will be added.

Removing the colons.

OLD: 
4F:31:A6:06:59:45:EA:BC:6A:45:CB:AD:72:D8:0A:20:A4:40:0E:55:05:B9:2A:0C:4C:F1:F6:C1:A3:10:92:9F

NEW: FF5680CD73A5703DA04817A075FD462506A73506C4B81A1583EF549478D26476

4) New Signature Hash Algorithm values
NEW Values:
ecdsaWithSHA256
ecdsaWithSHA384
MD5WithRSA
SHA1WithRSA
SHA256WithRSA
SHA384WithRSA
SHA512WithRSA

5) New Key Usage values
NEW Values:
CRL Sign
Digital Signature
Non Repudiation
Key Encipherment
Certificate Sign
Key Agreement

6) New Extended Key Usage values
NEW Values:
ExtKeyUsageOCSPSigning
ExtKeyUsageIPSECEndSystem
ExtKeyUsageIPSECTunnel
ExtKeyUsageIPSECUser
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageServerAuth
ExtKeyUsageTimeStamping
ExtKeyUsageMicrosoftServerGatedCrypto
ExtKeyUsageNetscapeServerGatedCrypto

7) Technically Constrained

Checkbox will be updated according to Mozilla's current policy (e.g. EKU 
*and* Name Constraints)


I will appreciate your patience this week, during this migration.

Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy






















					Reply via email to