Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecate ECDSAForAll feature and remove ECDSAAllowList #7560

Merged
merged 4 commits into from
Jun 26, 2024
Merged

Deprecate ECDSAForAll feature and remove ECDSAAllowList #7560

merged 4 commits into from
Jun 26, 2024

Conversation

pgporada
Copy link
Member

@pgporada pgporada commented Jun 24, 2024
edited
Loading

ECDSAForAll feature is now enabled by default (due to it not being referenced in any issuance path) and as a result the ECDSAAllowlist has been deleted.

Fixes #7535

@pgporada pgporada mentioned this pull request Jun 25, 2024
Merged
pgporada added a commit that referenced this pull request Jun 25, 2024
@pgporada
issuerCerts match counterparts in config-next (#7562)
8f9ddd3 
Makes the `issuerCerts` list in `test/config` match the corresponding
list in `test/config-next`. As a result, fixes an issue encountered with
`config` integration testing in
#7560 and
#7561.
@pgporada pgporada marked this pull request as ready for review June 25, 2024 20:19
@pgporada pgporada requested a review from a team as a code owner June 25, 2024 20:19
@github-actions GitHub Actions
Copy link
Contributor

@pgporada, this PR appears to contain configuration and/or SQL schema changes. Please ensure that a corresponding deployment ticket has been filed with the new values.

@pgporada
Copy link
Member Author

SRE has no configs with the ECDSAAllowlist and had previously enabled ECDSAForAll in staging and production. This should be safe (for us) to merge in. I've notified Certainly out-of-band.

aarongable
aarongable approved these changes Jun 25, 2024
View reviewed changes
Copy link
Contributor

@aarongable aarongable left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Make sure you file an SRE ticket for the ECDSAForAll feature flag to be removed from configs, so that when we get around to deleting it entirely from boulder it will already be gone from prod.

@pgporada
Copy link
Member Author

IN-10419

@pgporada pgporada merged commit 9207669 into main Jun 26, 2024
18 checks passed
@pgporada pgporada deleted the deprecate-ecdsa-allowlist-and-ecdsaforall branch June 26, 2024 14:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aarongable aarongable aarongable approved these changes

@beautifulentropy beautifulentropy beautifulentropy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove ECDSA allow-list and ECDSAForAll feature flag
3 participants
@pgporada @aarongable @beautifulentropy