Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Moving Pending CA list from XML into Spreadsheet
57 views
Skip to first unread message
Kathleen Wilson
Aug 14, 2013, 1:25:05 PM8/14/13
to mozilla-dev-s...@lists.mozilla.org
All,
I'm working on migrating the Pending CA List
from XML (http://www.mozilla.org/projects/security/certs/pending/)
into a spreadsheet
(http://www.mozilla.org/projects/security/certs/pending/index.html)
I'm only about half-way through, but wanted to make it available for
feedback. The XML version will go away soon after the migration to the
spreadsheet is complete.
Please let me know if you have comments/suggestions for the new
spreadsheet.
Kathleen
I'm working on migrating the Pending CA List
from XML (http://www.mozilla.org/projects/security/certs/pending/)
into a spreadsheet
(http://www.mozilla.org/projects/security/certs/pending/index.html)
I'm only about half-way through, but wanted to make it available for
feedback. The XML version will go away soon after the migration to the
spreadsheet is complete.
Please let me know if you have comments/suggestions for the new
spreadsheet.
Kathleen
Ralph Holz (TUM)
Aug 14, 2013, 2:59:57 PM8/14/13
to
Hi Kathleen,
Ah, that is very good, I was already thinking about writing a small parser. But Google exports to CSV, which is better. :)
One wish that I have, and that I actually also have for the list of included certificates, would be sha1 values of the certificates included in a column (= the sha1 in the root store). That would make it easier to correlate between cert and root store versions in the CVS (-> root store archaeology), and also allow the scanning people among us to find out if a cert is already seen in the wild before inclusion or not.
BTW, do I read the pending list correctly as "even when it says it's approved, it means it's not in the current release yet"?
Ralph
Ah, that is very good, I was already thinking about writing a small parser. But Google exports to CSV, which is better. :)
One wish that I have, and that I actually also have for the list of included certificates, would be sha1 values of the certificates included in a column (= the sha1 in the root store). That would make it easier to correlate between cert and root store versions in the CVS (-> root store archaeology), and also allow the scanning people among us to find out if a cert is already seen in the wild before inclusion or not.
BTW, do I read the pending list correctly as "even when it says it's approved, it means it's not in the current release yet"?
Ralph
David E. Ross
Aug 14, 2013, 7:05:32 PM8/14/13
to mozilla-dev-s...@lists.mozilla.org
frame's vertical scrollbar. It is very difficult to scroll up-down
without accidentally selecting one of those links.
The Status should be after the Owner, Organization, Organizational Unit,
and Common Name or Certificate Name.
The headers should remain fixed while vertically scrolling so that users
do not have to keep scrolling up to see the headers and then back down
to the entry they want. Similarly, the Owner (see comment above) should
remain fixed while horizontally scrolling so that users can remain
focused on the certificate they are viewing.
To reach the horizontal scrollbar at the bottom of the frame, I must
scroll the page to the point where the top of the frame is well beyond
the viewport.
Outside of the frame, there should be a guide to the color-coding. You
might also attempt to select colors that will not be difficult to
distinguish by users who are color-blind.
My configuration:
Windows XP Home Edition SP3
1280x720 screen, 32-bit true colors
Mozilla/5.0 (Windows NT 5.1; rv:23.0) Gecko/20100101 SeaMonkey/2.20
SeaMonkey Default Theme 2.20
Font preferences:
Proportional: serif 16px
serif: Georgia
sans-serif: Verdana
cursive: Comic Sans MS
fantasy: Bauhaus
Monospace: Courier New 16px
Minimum: 10px
--
David E. Ross
<http://www.rossde.com/>
Concerned about someone (e.g., the government)
snooping into your E-mail? Use PGP.
See my <http://www.rossde.com/PGP/>
Kathleen Wilson
Aug 15, 2013, 6:53:33 PM8/15/13
to mozilla-dev-s...@lists.mozilla.org
On 8/14/13 11:59 AM, Ralph Holz (TUM) wrote:
> Hi Kathleen,
>
> Ah, that is very good, I was already thinking about writing
> a small parser. But Google exports to CSV, which is better. :)
>
> One wish that I have, and that I actually also have for the
> list of included certificates, would be sha1 values of the
> certificates included in a column (= the sha1 in the root store).
> That would make it easier to correlate between cert and root store
> versions in the CVS (-> root store archaeology), and also allow
> the scanning people among us to find out if a cert is already
> seen in the wild before inclusion or not.
I added a "SHA1 Fingerprint" column to the pending certificates
> Hi Kathleen,
>
> Ah, that is very good, I was already thinking about writing
> a small parser. But Google exports to CSV, which is better. :)
>
> One wish that I have, and that I actually also have for the
> list of included certificates, would be sha1 values of the
> certificates included in a column (= the sha1 in the root store).
> That would make it easier to correlate between cert and root store
> versions in the CVS (-> root store archaeology), and also allow
> the scanning people among us to find out if a cert is already
> seen in the wild before inclusion or not.
spreadsheet. Only part of it is displayed in the published spreadsheet,
but that probably still helps identify a cert.
I added an item to my to-do list regarding adding this column to the
included certificates spreadsheet.
>
> BTW, do I read the pending list correctly as "even when it says
> it's approved, it means it's not in the current release yet"?
be included in the next batch of code changes which happen about every 3
months or when there is a significant batch of changes.
Note that sometimes the pending list will be for changes (trust bit
changes or adding EV treatment) to root certs that are already included.
Kathleen
Kathleen Wilson
Aug 15, 2013, 7:51:09 PM8/15/13
to mozilla-dev-s...@lists.mozilla.org
On 8/14/13 4:05 PM, David E. Ross wrote:
>
> The navigation links listed down the right side of the page overlap the
> frame's vertical scrollbar. It is very difficult to scroll up-down
> without accidentally selecting one of those links.
I removed the header and footer information, which apparently created
>
> The navigation links listed down the right side of the page overlap the
> frame's vertical scrollbar. It is very difficult to scroll up-down
> without accidentally selecting one of those links.
the navigation links listed down the right side of the page.
I changed the iframe width to be a percentage of the window size.
>
> The Status should be after the Owner, Organization, Organizational Unit,
> and Common Name or Certificate Name.
>
> The headers should remain fixed while vertically scrolling so that users
> do not have to keep scrolling up to see the headers and then back down
> to the entry they want. Similarly, the Owner (see comment above) should
> remain fixed while horizontally scrolling so that users can remain
> focused on the certificate they are viewing.
spreadsheet that gets lost.
Does anyone know how to make the Google published spreadsheet keep
rows/columns frozen?
>
> To reach the horizontal scrollbar at the bottom of the frame, I must
> scroll the page to the point where the top of the frame is well beyond
> the viewport.
window size, so I chose a smaller number.
>
> Outside of the frame, there should be a guide to the color-coding. You
> might also attempt to select colors that will not be difficult to
> distinguish by users who are color-blind.
Thanks,
Kathleen
Ralph Holz (TUM)
Aug 16, 2013, 12:56:52 PM8/16/13
to
Hi Kathleen,
> I added a "SHA1 Fingerprint" column to the pending certificates
> spreadsheet. Only part of it is displayed in the published spreadsheet,
> but that probably still helps identify a cert.
That's excellent! AFAICT the entire SHA1 is there in the CSV output, so that won't be a problem.
> I added an item to my to-do list regarding adding this column to the
> included certificates spreadsheet.
Thanks!
> "Approved, pending inclusion" means that it has been approved and will
> be included in the next batch of code changes which happen about every 3
> months or when there is a significant batch of changes.
>
> Note that sometimes the pending list will be for changes (trust bit
> changes or adding EV treatment) to root certs that are already included.
Yes. The new hashes will help in easily identifying them.
Thanks again,
Ralph
> I added a "SHA1 Fingerprint" column to the pending certificates
> spreadsheet. Only part of it is displayed in the published spreadsheet,
> but that probably still helps identify a cert.
> I added an item to my to-do list regarding adding this column to the
> included certificates spreadsheet.
> "Approved, pending inclusion" means that it has been approved and will
> be included in the next batch of code changes which happen about every 3
> months or when there is a significant batch of changes.
>
> Note that sometimes the pending list will be for changes (trust bit
> changes or adding EV treatment) to root certs that are already included.
Thanks again,
Ralph
0 new messages