
Issue 732427

Starred by 4 users

Issue metadata

Status: Verified
Owner:
Closed: Sep 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Windows, Chrome, Mac
Pri: 2
Type: Bug




Remove EV Certs Whitelist

Project Member Reported by rsleevi@chromium.org, Jun 12 2017

Issue description

The EV Certs Whitelist was introduced to handle the transition to requiring CT for EV certificates in 2015/01/01. It contained a whitelist of those publicly-disclosed EV certificates issued prior to that date, and which should maintain their EV status.

As an EV certificate is only valid for 27 months, by virtue of the EV Guidelines, we're now past the point where all valid EV certificates have expired. This means that the code - and the component - can be safely and fully removed.
 
Project Member

Comment 2 by bugdroid1@chromium.org, Jun 14 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1

commit cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1
Author: rsleevi <rsleevi@chromium.org>
Date: Wed Jun 14 10:18:26 2017

Remove the EV Certs Whitelist

Introduced as part of the 2015/01/01 requirement that all EV
certificates should be accompanied by Certificate Transparency
information, the EVCertWhitelist contained the set of publicly
logged EV certificates issued prior to that date, to ensure they
maintained their EV status.

As an EV certificate is only valid for 27 months, the whitelist has
been shrinking over time, with the most recent update trimming it to
around 100 certificates.

However, as 27 months have passed since 2015/01/01, the whitelist is
no longer needed, and as such, the entire supporting infrastructure is
also no longer needed.

This rewinds the code by:
  - Removing the EVCertsWhitelist from //net
  - Removing the distinct EV CT policy from CTPolicyEnforcer
  - Unwinding the EV CT status from the CTVerifyResult and SSLInfo
  - Removing the specific Golomb-coded compressed CT EV whitelist logic
  - Removing the Component Updater version of the EV whitelist
  - Removing all metrics related to the EV whitelist

BUG= 732427 
TBR=lcwu@chromium.org,sergeyu@chromium.org,isherman@chromium.org

Review-Url: https://codereview.chromium.org/2937563002
Cr-Commit-Position: refs/heads/master@{#479343}

[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/WATCHLISTS
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/chrome/browser/BUILD.gn
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/chrome/browser/chrome_browser_main.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/chrome/browser/chromeos/login/session/user_session_manager.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/chrome/browser/component_updater/DEPS
[delete] https://crrev.com/7fa075e8c7635e26f35041b62cd34da83c575e72/chrome/browser/component_updater/ev_whitelist_component_installer.cc
[delete] https://crrev.com/7fa075e8c7635e26f35041b62cd34da83c575e72/chrome/browser/component_updater/ev_whitelist_component_installer.h
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/chromecast/browser/url_request_context_factory.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/components/BUILD.gn
[delete] https://crrev.com/7fa075e8c7635e26f35041b62cd34da83c575e72/components/packed_ct_ev_whitelist/BUILD.gn
[delete] https://crrev.com/7fa075e8c7635e26f35041b62cd34da83c575e72/components/packed_ct_ev_whitelist/DEPS
[delete] https://crrev.com/7fa075e8c7635e26f35041b62cd34da83c575e72/components/packed_ct_ev_whitelist/OWNERS
[delete] https://crrev.com/7fa075e8c7635e26f35041b62cd34da83c575e72/components/packed_ct_ev_whitelist/bit_stream_reader.cc
[delete] https://crrev.com/7fa075e8c7635e26f35041b62cd34da83c575e72/components/packed_ct_ev_whitelist/bit_stream_reader.h
[delete] https://crrev.com/7fa075e8c7635e26f35041b62cd34da83c575e72/components/packed_ct_ev_whitelist/bit_stream_reader_unittest.cc
[delete] https://crrev.com/7fa075e8c7635e26f35041b62cd34da83c575e72/components/packed_ct_ev_whitelist/packed_ct_ev_whitelist.cc
[delete] https://crrev.com/7fa075e8c7635e26f35041b62cd34da83c575e72/components/packed_ct_ev_whitelist/packed_ct_ev_whitelist.h
[delete] https://crrev.com/7fa075e8c7635e26f35041b62cd34da83c575e72/components/packed_ct_ev_whitelist/packed_ct_ev_whitelist_unittest.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/content/common/common_param_traits_unittest.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/content/common/resource_messages.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/content/common/resource_messages.h
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/content/shell/browser/shell_url_request_context_getter.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/BUILD.gn
[delete] https://crrev.com/7fa075e8c7635e26f35041b62cd34da83c575e72/net/cert/ct_ev_whitelist.h
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/cert/ct_policy_enforcer.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/cert/ct_policy_enforcer.h
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/cert/ct_policy_enforcer_unittest.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/cert/ct_policy_status.h
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/cert/ct_verify_result.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/cert/ct_verify_result.h
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/quic/chromium/crypto/proof_verifier_chromium.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/quic/chromium/crypto/proof_verifier_chromium_test.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/socket/ssl_client_socket_impl.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/socket/ssl_client_socket_unittest.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/socket/ssl_server_socket_unittest.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/spdy/chromium/spdy_test_util_common.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/ssl/ssl_config_service.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/ssl/ssl_config_service.h
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/ssl/ssl_info.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/ssl/ssl_info.h
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/net/url_request/url_request_unittest.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/remoting/protocol/ssl_hmac_channel_authenticator.cc
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/tools/metrics/histograms/enums.xml
[modify] https://crrev.com/cd7390ed559bc7101d0c29b2bc2e5b71b01c8eb1/tools/metrics/histograms/histograms.xml

Status: Verified (was: Assigned)
