HPKP Persistent/Private Storage Checking may be incorrect

RESOLVED DUPLICATE of bug 1242226

Status

Core
Security: PSM
2 years ago

People

(Reporter: tjr, Unassigned)

Tracking

Trunk
Firefox Tracking Flags

(firefox52 affected)

Description

2 years ago
In nsSiteSecurityService::GetKeyPinsForHostname (around https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsSiteSecurityService.cpp#1164), it appears that the stores are checked: Persistent, Private, Preload.

It seems to me the correct order should be:

For Private Browsing: Private, (maybe) Persistent, Preload. (There are arguments to be had on both sides of the 'maybe')

For 'Normal' browsing: Persistent, Preload.

See also #1242226

Thanks, Tom. I feel like fixing bug 1242226 will address this (or, rather, when we fix that bug, we can incorporate this).
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1242226
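
The two lookup orders from the description, as an added example that is not Firefox code and not part of the original report: a simplified model showing which store answers a lookup under each order. All type and function names are hypothetical, the sample hosts and pin values are constructed, and the model assumes the reported order is applied in both browsing modes, which is how the report reads.

```cpp
// Simplified model of the pin-store lookup order discussed in this bug.
// Not Firefox code: every type and function name here is hypothetical.
#include <iostream>
#include <map>
#include <string>
#include <vector>

enum class Store { Persistent, Private, Preload };
using PinStores = std::map<Store, std::map<std::string, std::string>>;

// Order the report describes; assumed here to apply in both browsing modes.
std::vector<Store> ReportedOrder() {
  return {Store::Persistent, Store::Private, Store::Preload};
}

// Order the report proposes; persistentInPrivate is the report's "(maybe)".
std::vector<Store> ProposedOrder(bool isPrivate, bool persistentInPrivate) {
  if (!isPrivate) return {Store::Persistent, Store::Preload};
  std::vector<Store> order{Store::Private};
  if (persistentInPrivate) order.push_back(Store::Persistent);
  order.push_back(Store::Preload);
  return order;
}

// The first store in `order` holding an entry for `host` wins; nullptr if none.
const std::string* Lookup(const PinStores& stores, const std::vector<Store>& order,
                          const std::string& host) {
  for (Store s : order) {
    auto store = stores.find(s);
    if (store == stores.end()) continue;
    auto hit = store->second.find(host);
    if (hit != store->second.end()) return &hit->second;
  }
  return nullptr;
}

// Constructed sample data; the strings stand in for sets of key hashes.
PinStores SampleStores() {
  PinStores s;
  s[Store::Persistent]["both.example"] = "pins-set-in-normal-mode";
  s[Store::Persistent]["normal-only.example"] = "pins-set-in-normal-mode";
  s[Store::Private]["both.example"] = "pins-set-in-private-mode";
  s[Store::Private]["private-only.example"] = "pins-set-in-private-mode";
  s[Store::Preload]["preloaded.example"] = "built-in-pins";
  return s;
}

int main() {
  PinStores s = SampleStores();
  const std::string* p = Lookup(s, ReportedOrder(), "private-only.example");
  std::cout << "reported order, normal mode: " << (p ? *p : "none") << "\n";
}
```

Under the modeled reported order, a host pinned only during a private session still resolves in normal mode, and a persistent entry shadows the private one for the same host; the proposed orders remove both effects.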