Open Bug 1121061 Opened 8 years ago Updated 8 years ago

Provide access to list of pinned domains or alternate way to verify pinning of a domain.


(Firefox :: Security, enhancement)

35 Branch
Windows 7
Not set





(Reporter: marcausl, Unassigned)


With the Pinning Extension now implemented, it would be useful if a user could see a list of pinned domains.

As an example, I might want to verify that my bank is pinned before accessing it in on a questionable (read hotel) network.

Access could be in about: or another UI.  Alternately, the security information pop up that shows certificates etc. could indicate if the domain was pinned.
Is the feature added in bug 932179 sufficient? I realize it doesn't allow you to view a site's pinning status before visiting it, but that kind of functionality is probably best suited to an addon (see also bug 1115712 for exposing that information in a way addons can query it).
I'm thinking about normal users, so I suspect bug 932179 is a non-starter.

On further reflection, the obvious place for this is in the security information that pops up when you click the lock before the url in the url bar, since it would unambiguously show that this connection was protected from man in the middle attacks. 

An addon would be a second best choice, particularly if it provided a list and the user had to look through it to verify safety.
You need to log in before you can comment on or make changes to this bug.