Open Bug 1341396 Opened 3 years ago Updated 8 months ago

Generate transparency metadata for Firefox releases

Categories

(Firefox :: Security, defect, P3)

defect

Tracking

()

People

(Reporter: rbarnes, Unassigned)

References

(Depends on 5 open bugs, Blocks 1 open bug)

Details

Attachments

(3 files, 1 obsolete file)

Including:

* Merkle tree head for a release (over SHA256SUMS)
* Inclusion proofs to that tree head for each file in the release
* Certificate covering that tree head
* Proof of log inclusion (Signed Certificate Timestamp or inclusion proof)
Depends on: 1338232
Depends on: 1341948
Depends on: 1342974
Depends on: 1346351
Depends on: 1346354
Depends on: 1346359
Depends on: 1346360
Produced by release automation for 53.0b2.  Not present in the release because of a failure to upload; recovered from logs instead.
Attached file Sample transparency certificate chain (obsolete) —
Generated by Let's Encrypt, via a draft script to create certificates from SHA256SUMMARY files.
Generated by Let's Encrypt via a draft script for creating certificates from summary files.
Attachment #8847693 - Attachment is obsolete: true
Generated by the Google Pilot log, via a draft script to submit transparency certs to logs and get SCTs.
With the three attachments I just posted, you should be able to verify that binaries in the 53.0b2 release have been publicly committed:

- Verify the inclusion proof for the file with the indicated tree head
- Verify that the tree head is in the certificate
- Verify that the SCT covers the certificate
Assignee: nobody → btang
Brandon Tang is going to start looking into this for us! :D
And now it passes to me. In addition to the steps in comment #0 we need to submit data into the update server.
Assignee: btang → nthomas
Priority: -- → P3
Assignee: nthomas → nobody
You need to log in before you can comment on or make changes to this bug.