Closed Bug 1341396 Opened 7 years ago Closed 11 months ago

Generate transparency metadata for Firefox releases

Tracking

()

Status:

RESOLVED INCOMPLETE

People

(Reporter: rbarnes, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(3 files, 1 obsolete file)

Sample SHA256SUMMARY file 7 years ago Richard Barnes [:rbarnes] 2.35 MB, text/plain		Details
Sample transparency certificate chain 7 years ago Richard Barnes [:rbarnes] 2.35 MB, text/plain		Details
Sample transparency certificate chain 7 years ago Richard Barnes [:rbarnes] 3.53 KB, application/x-x509-ca-cert		Details
Sample transparency SCT 7 years ago Richard Barnes [:rbarnes] 118 bytes, application/octet-stream		Details

Richard Barnes [:rbarnes]

Reporter

Description

•

7 years ago

Including:

* Merkle tree head for a release (over SHA256SUMS)
* Inclusion proofs to that tree head for each file in the release
* Certificate covering that tree head
* Proof of log inclusion (Signed Certificate Timestamp or inclusion proof)

Richard Barnes [:rbarnes]

Reporter

Updated

•

7 years ago

Blocks: BinaryTransparency

Richard Barnes [:rbarnes]

Reporter

Updated

•

7 years ago

Depends on: 1338232

Richard Barnes [:rbarnes]

Reporter

Updated

•

7 years ago

Depends on: 1342974

Richard Barnes [:rbarnes]

Reporter

Updated

•

7 years ago

Depends on: 1346354

Richard Barnes [:rbarnes]

Reporter

Updated

•

7 years ago

Depends on: 1346359

Richard Barnes [:rbarnes]

Reporter

Updated

•

7 years ago

Depends on: 1346360

Richard Barnes [:rbarnes]

Reporter

Comment 1

•

7 years ago

Attached file Sample SHA256SUMMARY file — Details

Produced by release automation for 53.0b2.  Not present in the release because of a failure to upload; recovered from logs instead.

Richard Barnes [:rbarnes]

Reporter

Comment 2

•

7 years ago

Attached file Sample transparency certificate chain (obsolete) — Details

Generated by Let's Encrypt, via a draft script to create certificates from SHA256SUMMARY files.

Richard Barnes [:rbarnes]

Reporter

Comment 3

•

7 years ago

Attached file Sample transparency certificate chain — Details

Generated by Let's Encrypt via a draft script for creating certificates from summary files.

Attachment #8847693 - Attachment is obsolete: true

Richard Barnes [:rbarnes]

Reporter

Comment 4

•

7 years ago

Attached file Sample transparency SCT — Details

Generated by the Google Pilot log, via a draft script to submit transparency certs to logs and get SCTs.

Richard Barnes [:rbarnes]

Reporter

Comment 5

•

7 years ago

With the three attachments I just posted, you should be able to verify that binaries in the 53.0b2 release have been publicly committed:

- Verify the inclusion proof for the file with the indicated tree head
- Verify that the tree head is in the certificate
- Verify that the SCT covers the certificate

Jordan Lund (:jlund)

Updated

•

7 years ago

Assignee: nobody → btang

Jordan Lund (:jlund)

Comment 6

•

7 years ago

Brandon Tang is going to start looking into this for us! :D

Nick Thomas [:nthomas] (UTC+12)

Comment 7

•

7 years ago

And now it passes to me. In addition to the steps in comment #0 we need to submit data into the update server.

Assignee: btang → nthomas

Nick Thomas [:nthomas] (UTC+12)

Updated

•

7 years ago

Depends on: 1384296

Nick Thomas [:nthomas] (UTC+12)

Updated

•

7 years ago

Depends on: 1395402

Daniel Veditz [:dveditz]

Updated

•

7 years ago

Priority: -- → P3

Nick Thomas [:nthomas] (UTC+12)

Updated

•

6 years ago

Assignee: nthomas → nobody

Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)

Updated

•

6 years ago

Depends on: 1503352

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

Julien Cristau [:jcristau]

Comment 8

•

11 months ago

As far as I can tell this effort died down some years ago; closing.

Status: NEW → RESOLVED

Closed: 11 months ago

Resolution: --- → INCOMPLETE

You need to log in before you can comment on or make changes to this bug.