All, I need to finalize the December batch of root changes this week (Bug #1733003 <https://bugzilla.mozilla.org/show_bug.cgi?id=1733003>), which currently contains Bug #1735407 <https://bugzilla.mozilla.org/show_bug.cgi?id=1735407>, "Replace Google Trust Services LLC (GTS) root certificates in NSS", which is this exact scenario of this discussion -- replacing a root CA certificate (missing the digitalSignature key usage bit) with another root CA certificate (same key pair) that has the digitalSignature key usage bit set.
At this time I am inclined to remove Bug #1735407 <https://bugzilla.mozilla.org/show_bug.cgi?id=1735407> from the December 2021 batch of root changes and put it as tentatively to be part of the March 2022 batch of root changes, so that we will have time for this discussion to come to full conclusion. Does anyone foresee any problems with me postponing Bug #1735407 <https://bugzilla.mozilla.org/show_bug.cgi?id=1735407> to March? Thanks, Kathleen -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/6d5313f6-390b-4523-8b05-2d7f97461d22n%40mozilla.org.
