Closed Bug 1330446 Opened 3 years ago Closed 3 years ago

Ensure that the HPKP pinning expiration for Firefox 51 is after the release of Firefox 52

Categories

(Core :: Security: PSM, defect, P1)

defect

Tracking

()

RESOLVED FIXED
mozilla51
Tracking Status
firefox51 --- fixed

People

(Reporter: jcj, Assigned: jcj)

References

Details

Attachments

(1 file)

+++ This bug was initially created as a clone of Bug #1307530 +++

[Tracking Requested - why for this release]: Possible MITM issue if not done before Fx51 ships.

The core issue for Bug #1307530 is not resolved, so this bug is to do the same thing again for Fx51.

The expiry timestamp currently in beta [1] is for 19 February 2017 @ 2:02pm (UTC), or 16 days *prior* to the scheduled release of 52. Last time we extended the expiration to {release date}+21 days. Doing that again would be 28 March 2017, or timestamp=1490659200 . 

[1] https://hg.mozilla.org/releases/mozilla-beta/file/tip/security/manager/ssl/StaticHPKPins.h#l1167
Comment on attachment 8825976 [details] [diff] [review]
Bump the HPKP and HSTS expiration dates to 28 March 2017

[Feature/Bug causing the regression]: Repeat of Bug 1307530
[User impact if declined]: Possible MITM issue if not done before Fx51 ships.

This is pretty much the same as the pushes to nightly / aurora to move the expiry timestamp forward with a=hsts-update (etc).

(NIs per ritu's instructions on IRC.)
Flags: needinfo?(lhenry)
Flags: needinfo?(gchang)
Attachment #8825976 - Flags: approval-mozilla-beta?
Flags: needinfo?(gchang)
Comment on attachment 8825976 [details] [diff] [review]
Bump the HPKP and HSTS expiration dates to 28 March 2017

Bump the expiration date to avoid possible MITM issue. Beta51+. Should be in 51 Beta 14.
Attachment #8825976 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Flags: needinfo?(lhenry)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.