Provide access to list of pinned domains or alternate way to verify pinning of a domain.

UNCONFIRMED
Unassigned

Status

()

Firefox
Security
--
enhancement
UNCONFIRMED
3 years ago
3 years ago

People

(Reporter: Marc Auslander, Unassigned)

Tracking

35 Branch
x86_64
Windows 7
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
With the Pinning Extension now implemented, it would be useful if a user could see a list of pinned domains.

As an example, I might want to verify that my bank is pinned before accessing it in on a questionable (read hotel) network.

Access could be in about: or another UI.  Alternately, the security information pop up that shows certificates etc. could indicate if the domain was pinned.
Is the feature added in bug 932179 sufficient? I realize it doesn't allow you to view a site's pinning status before visiting it, but that kind of functionality is probably best suited to an addon (see also bug 1115712 for exposing that information in a way addons can query it).
(Reporter)

Comment 2

3 years ago
I'm thinking about normal users, so I suspect bug 932179 is a non-starter.

On further reflection, the obvious place for this is in the security information that pops up when you click the lock before the url in the url bar, since it would unambiguously show that this connection was protected from man in the middle attacks. 

An addon would be a second best choice, particularly if it provided a list and the user had to look through it to verify safety.
You need to log in before you can comment on or make changes to this bug.