** Changed in: ca-certificates (Ubuntu)
Status: New => Confirmed
** Changed in: ca-certificates (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/1643379
Title:
ca-certificates in xenial still trusts CNNIC
Status in ca-certificates package in Ubuntu:
Confirmed
Bug description:
CNNIC has been distrusted by Mozilla in April 2015
(https://blog.mozilla.org/security/2015/04/02/distrusting-new-cnnic-
certificates/). The technical implementation involves blacklisting by
notBefore date, which is unfortunately not replicatable by ca-
certificates. There should be some kind of action here of pulling the
root certificate at some point rather than continue to provide it with
blanket trust. (And it's only one example, Startcom and Wosign are
more recent ones.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1643379/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
