New issue
Advanced search Search tips

Issue 676680 link

Starred by 4 users
Status: Fixed
Owner:
elawrence@chromium.org
Closed: Jan 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug
Team-Security-UX

Blocked on:
issue 676327


Sign in to add a comment

Remove obsolete date-based SHA-1 security UX

Project Member Reported by elawrence@chromium.org, Dec 22 2016 
Chrome Version: 57

In Chrome 42, we introduced UX code that behaved differently depending on whether a certificate chain containing SHA-1 signatures expired in 2016 or 2017. Now that it's 2017 (when this change ships) we should remove that unnecessary code.

In Chrome 56, any SHA-1 containing chain from a public CA will block with an interstitial and a "Not Secure" UI treatment.

In Chrome 57, any SHA-1 containing chain from ANY CA (including internal PKI) will block with a warning unless the EnableSha1ForLocalAnchors policy is set, in which case SHA-1 should be downgraded to a Neutral security level.

Comment 1 Deleted

Comment 2 by elawrence@chromium.org, Jan 3 2017

Status: Started (was: Assigned)
Project Member

Comment 3 by bugdroid1@chromium.org, Jan 10 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/be87bd63a20be57d92589cd382263623e978af9f

commit be87bd63a20be57d92589cd382263623e978af9f
Author: elawrence <elawrence@chromium.org>
Date: Tue Jan 10 16:08:59 2017

Remove obsolete SHA-1 UX elements

In the past, Chrome provided a "minor" warning state for certificate
chains containing SHA-1 certificates that expired before 2017. It's now
2017, so all such certificates have expired, and this UX is no longer
needed.

BUG= 676680 

Review-Url: https://codereview.chromium.org/2616553002
Cr-Commit-Position: refs/heads/master@{#442597}

[modify] https://crrev.com/be87bd63a20be57d92589cd382263623e978af9f/chrome/browser/ssl/security_state_tab_helper.cc
[modify] https://crrev.com/be87bd63a20be57d92589cd382263623e978af9f/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc
[modify] https://crrev.com/be87bd63a20be57d92589cd382263623e978af9f/chrome/browser/ui/website_settings/website_settings.cc
[modify] https://crrev.com/be87bd63a20be57d92589cd382263623e978af9f/chrome/browser/ui/website_settings/website_settings.h
[modify] https://crrev.com/be87bd63a20be57d92589cd382263623e978af9f/chrome/browser/ui/website_settings/website_settings_ui.cc
[modify] https://crrev.com/be87bd63a20be57d92589cd382263623e978af9f/chrome/browser/ui/website_settings/website_settings_unittest.cc
[modify] https://crrev.com/be87bd63a20be57d92589cd382263623e978af9f/components/pageinfo_strings.grdp
[modify] https://crrev.com/be87bd63a20be57d92589cd382263623e978af9f/components/security_state/content/content_utils.cc
[modify] https://crrev.com/be87bd63a20be57d92589cd382263623e978af9f/components/security_state/core/security_state.cc
[modify] https://crrev.com/be87bd63a20be57d92589cd382263623e978af9f/components/security_state/core/security_state.h
[modify] https://crrev.com/be87bd63a20be57d92589cd382263623e978af9f/components/security_state/core/security_state_unittest.cc
[modify] https://crrev.com/be87bd63a20be57d92589cd382263623e978af9f/components/security_state_strings.grdp
[modify] https://crrev.com/be87bd63a20be57d92589cd382263623e978af9f/ios/chrome/browser/ui/omnibox/page_info_model.cc

Comment 4 by elawrence@chromium.org, Jan 10 2017

Status: Fixed (was: Started)

Sign in to add a comment