Closed
Bug 1006107
Opened 11 years ago
Closed 11 years ago
Set enforcement level for pinning to zero and setup pinning for *.addons.mozilla.org
Categories
(Core :: Security: PSM, defect)
Tracking
()
RESOLVED
FIXED
mozilla32
People
(Reporter: cviecco, Assigned: cviecco)
References
Details
Attachments
(1 file, 1 obsolete file)
9.01 KB,
patch
|
cviecco
:
review+
|
Details | Diff | Splinter Review |
After today's meeting we agreed on:
1. make the pinning pref not hidden
2. Chnge the default from 1(enable mitm) to 0 (pinning disabled)
3. Put the addons site pins back on (and include use mozilla_cdn as the pinning info).
Assignee | ||
Comment 1•11 years ago
|
||
Assignee | ||
Updated•11 years ago
|
Attachment #8417600 -
Flags: review?(dkeeler)
Assignee | ||
Updated•11 years ago
|
Assignee: nobody → cviecco
Comment 2•11 years ago
|
||
Comment on attachment 8417600 [details] [diff] [review]
set-addons-pinn-and-pref-to-disabled
Review of attachment 8417600 [details] [diff] [review]:
-----------------------------------------------------------------
Great - r=me with comments addressed.
::: security/manager/tools/PreloadedHPKPins.json
@@ +25,5 @@
> // equifax -> aus3
> // Geotrust Primary -> www.mozilla.org
> // Geotrust Global -> *. addons.mozilla.org
>
> +// From bug 772756, mozilla uses GeoTrust, Digicert and Thawte
Put this documentation next to the declaration of the pinset itself.
@@ +30,5 @@
> // geotrust ca info: http://www.geotrust.com/resources/root-certificates/index.html
> {
> "pinsets": [
> {
> "name": "mozilla",
If we're not using this pinset, let's remove it. In fact, let's remove this pinset and call the other one "mozilla".
@@ +93,5 @@
> }
> ],
>
> "entries": [
> + // from bug 1005653 we learned that addon subdomains include cdn sites
I'm not sure this comment is helpful in the long run.
Attachment #8417600 -
Flags: review?(dkeeler) → review+
Assignee | ||
Comment 3•11 years ago
|
||
Keeping r+ from keeler
Attachment #8417600 -
Attachment is obsolete: true
Attachment #8417643 -
Flags: review+
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
Updated•10 years ago
|
Summary: Set enforcement level for pining to zero and setup pinning for *.addons.mozilla.org → Set enforcement level for pinning to zero and setup pinning for *.addons.mozilla.org
You need to log in
before you can comment on or make changes to this bug.
Description
•