Distrust Symantec Certificates issued from the Legacy Symantec Infrastructure |
|||||||||||
Issue descriptionAs stated in https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html , a phased approach to distrusting Symantec certificates will be followed. In M70, all certificates issued from Symantec's legacy infrastructure - that is, those not issued by the independently operated sub-CAs or Managed Partner Infrastructure - will be distrusted.
,
Jan 27 2018
,
Mar 19 2018
,
Jul 23
Friendly ping to get an update on this issue. Thanks..!
,
Jul 25
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ff77dbed6aa45f0a131a8119ae7317ae19c65706 commit ff77dbed6aa45f0a131a8119ae7317ae19c65706 Author: Ryan Sleevi <rsleevi@chromium.org> Date: Wed Jul 25 01:27:51 2018 Distrust the remainder of the Symantec Legacy PKI As previously communicated, and as documented at at https://g.co/chrome/symantecpkicerts, certificates issued by the Symantec Legacy PKI Infrastructure between 2016-06-01 and 2017-12-01 will no longer be trusted. This changes the default state to remove trust in these certificates. Certificates issued under the DigiCert Managed PKI, or those from previously-identified, independent third-party CAs, are not affected. Bug: 796230 , 805460 Change-Id: I74bdecc9dfdd66dec1a111f9eddb830babfa8222 Reviewed-on: https://chromium-review.googlesource.com/1134209 Commit-Queue: Nick Harper <nharper@chromium.org> Reviewed-by: Nick Harper <nharper@chromium.org> Cr-Commit-Position: refs/heads/master@{#577764} [modify] https://crrev.com/ff77dbed6aa45f0a131a8119ae7317ae19c65706/net/cert/cert_verify_proc.cc
,
Aug 1
Issue 869201 has been merged into this issue.
,
Aug 6
Please check & update the issue status as per C#5 Thanks..!
,
Aug 13
Friendly ping to get an update on this issue as it is marked as RBB. Thanks..!
,
Aug 13
There's nothing needed from the QA/Test side. This is a tracking bug that we're working with TPMs on :)
,
Aug 21
Gentle ping to get an update on this issue as it is marked as RBB. Thanks..!
,
Aug 27
@rsleevi: Friendly ping! Could you please provide any update on this issue as it has been marked as a beta blocker. Thank You!
,
Aug 27
I thougth Comment #9 captured this? We're working with TPMs to monitor.
,
Sep 4
Friendly ping to get an update on this issue as it is marked as RBB. Thanks..!
,
Sep 4
,
Sep 4
Note that this bug is ReleaseBlock-Beta and still open as it requires a merge to make it into the first M70 beta, but not any other channel. We'll coordinate with M70 desktop release TPM (abdulsyed@).
,
Sep 5
,
Sep 5
To be clear what's being Merge-Request'd - https://chromium-review.googlesource.com/c/chromium/src/+/1205710
,
Sep 5
Approved - branch:3538
,
Sep 5
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/12e0dae7c92f4b24532fb2862dc394079cdd5977 commit 12e0dae7c92f4b24532fb2862dc394079cdd5977 Author: Ryan Sleevi <rsleevi@chromium.org> Date: Wed Sep 05 19:19:41 2018 Use Finch to control Legacy Symantec Distrust on Beta For M70 Beta+, use Finch to control whether or not the Symantec Legacy PKI is trusted. This results in some unpredictability for the First-Run experience, but provides greater flexibility and ensures users can "phone home" to get Finch updates if necessary. Bug: 805460 Change-Id: I0cc07e3e473fa53b9b17f177db77aea75477b4e7 Reviewed-on: https://chromium-review.googlesource.com/1205710 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Andrew Whalley <awhalley@google.com> Cr-Commit-Position: refs/branch-heads/3538@{#63} Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811} [modify] https://crrev.com/12e0dae7c92f4b24532fb2862dc394079cdd5977/net/cert/cert_verify_proc.cc
,
Sep 7
,
Sep 10
Removing release block beta label now. |
|||||||||||
►
Sign in to add a comment |
|||||||||||
Comment 1 by rsleevi@chromium.org
, Jan 24 2018