Open Bug 1004350 Opened 10 years ago Updated 19 days ago

Pin all the things

Categories

(Core :: Security: PSM, defect, P3)

Product:
Core
Component:
Security: PSM
Platform:
x86
macOS
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox32 --- fixed
firefox33 --- fixed
relnote-firefox --- 32+

People

(Reporter: mmc, Unassigned)

References

(Depends on 1 open bug)

Details

(Whiteboard: [psm-tracking]) 

The first iteration of CA pinning includes pinning only mozilla sites. It is possible to pin many more, this is the tracking bug for that.
Depends on: 744204
No longer blocks: 1004351
Depends on: 1004275, 1004351
Depends on: 772756
No longer depends on: 744204
added it for the beta 32 release notes:
"Public key pinning support enabled (learn more)"
learn more pointing to the wiki page
https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning

I guess that also applies to Android, right?
status-firefox32: --- → fixed
status-firefox33: --- → fixed
relnote-firefox: --- → 32+
(In reply to Sylvestre Ledru [:sylvestre] from comment #1)
> added it for the beta 32 release notes:
> "Public key pinning support enabled (learn more)"
> learn more pointing to the wiki page
> https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
> 
> I guess that also applies to Android, right?

Thanks for asking, it only applies to desktop so far. We wanted to wait to turn it on for Fennec just in case there are massive problems :P

https://bugzilla.mozilla.org/show_bug.cgi?id=1019255

Fennec bug:
Added to 34 mobile release notes.
Whiteboard: [psm-tracking]
Severity: normal → S3

Where can we find the current list of pinned websites. Is the wiki documentation https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning still up to date?

You need to log in before you can comment on or make changes to this bug.