Hey Sid, can you give an update on this action plan?
https://groups.google.com/group/mozilla.dev.security/browse_thread/thread/f8afac1eef7cb4cd/
Gerv had given an update last June:
https://groups.google.com/group/mozilla.dev.security/msg/2b50d4d8dee715ba
After the few meetings and a couple of
On 2/27/12 6:30 AM, Stephen Schultze wrote:
> Hey Sid, can you give an update on this action plan?
Here's what I know:
>> Bucket A:
>> - Move to libpkix for all cert validation (bug 479393)
Best place to follow this is now at bug 651246. There are seven bugs
that need to get fixed first. NSS a
On 27/02/12 16:41, Sid Stamm wrote:
> On 2/27/12 6:30 AM, Stephen Schultze wrote:
>> Hey Sid, can you give an update on this action plan?
>
> Here's what I know:
And this page may also be enlightening with regard to the current
priorities for the security team:
https://wiki.mozilla.org/Security/R
Am 2012-02-27 15:30, schrieb Stephen Schultze:
> Bucket C:
> - Disable cert overrides for *very old* expired certs (might not be in
> any CRLs anymore)
This might become a problem if some embedded devices create self-signed
certs valid only in 1970 or something equally intelligent. Not allowing
us
On 28/02/12 23:18 PM, Gervase Markham wrote:
On 27/02/12 16:41, Sid Stamm wrote:
On 2/27/12 6:30 AM, Stephen Schultze wrote:
Hey Sid, can you give an update on this action plan?
Here's what I know:
And this page may also be enlightening with regard to the current
priorities for the security
