Closed Bug 1006107 Opened 11 years ago Closed 11 years ago

Set enforcement level for pinning to zero and setup pinning for *.addons.mozilla.org

Categories

(Core :: Security: PSM, defect)

x86_64
Linux
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla32

People

(Reporter: cviecco, Assigned: cviecco)

References

Details

Attachments

(1 file, 1 obsolete file)

After today's meeting we agreed on: 1. make the pinning pref not hidden 2. Chnge the default from 1(enable mitm) to 0 (pinning disabled) 3. Put the addons site pins back on (and include use mozilla_cdn as the pinning info).
Attachment #8417600 - Flags: review?(dkeeler)
Assignee: nobody → cviecco
Comment on attachment 8417600 [details] [diff] [review] set-addons-pinn-and-pref-to-disabled Review of attachment 8417600 [details] [diff] [review]: ----------------------------------------------------------------- Great - r=me with comments addressed. ::: security/manager/tools/PreloadedHPKPins.json @@ +25,5 @@ > // equifax -> aus3 > // Geotrust Primary -> www.mozilla.org > // Geotrust Global -> *. addons.mozilla.org > > +// From bug 772756, mozilla uses GeoTrust, Digicert and Thawte Put this documentation next to the declaration of the pinset itself. @@ +30,5 @@ > // geotrust ca info: http://www.geotrust.com/resources/root-certificates/index.html > { > "pinsets": [ > { > "name": "mozilla", If we're not using this pinset, let's remove it. In fact, let's remove this pinset and call the other one "mozilla". @@ +93,5 @@ > } > ], > > "entries": [ > + // from bug 1005653 we learned that addon subdomains include cdn sites I'm not sure this comment is helpful in the long run.
Attachment #8417600 - Flags: review?(dkeeler) → review+
Keeping r+ from keeler
Attachment #8417600 - Attachment is obsolete: true
Attachment #8417643 - Flags: review+
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
Summary: Set enforcement level for pining to zero and setup pinning for *.addons.mozilla.org → Set enforcement level for pinning to zero and setup pinning for *.addons.mozilla.org
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: