Closed Bug 1330393 Opened 7 years ago Closed 3 years ago

disable ssl pinning for GMP updates

Categories

(Core :: Audio/Video: GMP, defect, P3)


RESOLVED DUPLICATE of bug 1714621

People

(Reporter: bhearsum, Unassigned)

We've long disabled cert pinning for Gecko updates because of the relatively high occurrence of SSL MitM'ing that breaks it. Sometimes this is AV vendors, sometimes this is other things - but in all cases, any user whose connection to aus5.mozilla.org is MitM'ed cannot install Gecko Media Plugins. This likely means that there's a significant number of people who cannot use Netflix in Firefox because Widevine won't install.

The route we've gone with Gecko and System Addon updates is to sign the payload instead. For Gecko and System Addons, this means signing the MAR or XPI with a key that only we have access to, and verifying that on the client side. For GMP this may look different because we're not always the ones building the plugins. In any case, we'd need to have all plugins signed by some key (doesn't have to be the same one), and verify them on the client side before running them. And once we disable pinning, signing a plugin would become a prerequisite to shipping it to users.
Rank: 25
Priority: -- → P2
It looks like the most likely way we'll get here is to sign the XML response from Balrog.
Depends on: 1304782
Mass change P2->P3 to align with new Mozilla triage process.
Priority: P2 → P3

Forwarding-duping to https://bugzilla.mozilla.org/show_bug.cgi?id=1714621, which already has a bit more discussion in it.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
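
The client-side check discussed in the comments above (verify a signature over the update response, then check the downloaded plugin against that signed response, without relying on the TLS channel) can be sketched as follows. This is an added example, not Mozilla's code: Ed25519, the XML element and attribute names, the `gmp-example` id and all sample bytes are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha512"
	"encoding/xml"
	"errors"
	"fmt"
)

// verifyUpdate trusts only the signing key shipped with the client, never the TLS channel.
func verifyUpdate(pub ed25519.PublicKey, doc, sig, payload []byte, id string) error {
	if !ed25519.Verify(pub, doc, sig) {
		return errors.New("manifest signature invalid")
	}
	var m struct { // element and attribute names are assumptions
		Addons []struct {
			ID   string `xml:"id,attr"`
			Hash string `xml:"hashValue,attr"`
		} `xml:"addons>addon"`
	}
	if err := xml.Unmarshal(doc, &m); err != nil {
		return err
	}
	want := fmt.Sprintf("%x", sha512.Sum512(payload))
	for _, a := range m.Addons {
		if a.ID == id && a.Hash == want {
			return nil
		}
	}
	return errors.New("payload does not match signed manifest")
}

// sampleManifest builds a constructed update response naming one plugin and its hash.
func sampleManifest(id string, payload []byte) []byte {
	return []byte(fmt.Sprintf(`<updates><addons><addon id=%q hashValue="%x"/></addons></updates>`, id, sha512.Sum512(payload)))
}

// demo returns the verdicts for an honest update, a rewritten response and a swapped download.
func demo() (good, forged, swapped error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // stands in for the vendor key pair
	plugin, other := []byte("constructed plugin"), []byte("substituted bytes")
	doc := sampleManifest("gmp-example", plugin)
	sig := ed25519.Sign(priv, doc)
	good = verifyUpdate(pub, doc, sig, plugin, "gmp-example")
	forged = verifyUpdate(pub, sampleManifest("gmp-example", other), sig, other, "gmp-example")
	return good, forged, verifyUpdate(pub, doc, sig, other, "gmp-example")
}

func main() { fmt.Println(demo()) }
```

An interceptor on the connection can still block the update, but it cannot get different plugin bytes accepted: rewriting the response invalidates the signature, and swapping only the download fails the hash comparison.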