Make sure the HPKP/HSTS preload expiration dates are accurate for Firefox 58

RESOLVED FIXED

Status

()

P1
normal
RESOLVED FIXED
a year ago
a year ago

People

(Reporter: RyanVM, Assigned: keeler)

Tracking

58 Branch
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox58+ fixed)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 attachment)

(Reporter)

Description

a year ago
+++ This bug was initially created as a clone of Bug #1397441 +++

Confirm and patch security/manager/ssl/StaticHPKPins.h and security/manager/ssl/nsSTSPreloadList.inc in 58 to have sufficient lifetime on the preloaded HPKP and STS pins.

Going off past precedents, we'll want an expiration date of around 2018-05-01 to coincide with the release of Firefox 60.
Tracking 58+.
tracking-firefox58: ? → +
(Reporter)

Comment 2

a year ago
We should get this landed on Beta soon. Can you put up a patch, David?
Flags: needinfo?(dkeeler)
Posted patch patchSplinter Review
Calendar says May 8th right now, so that's what I went with.
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Flags: needinfo?(dkeeler)
Attachment #8939681 - Flags: review?(jjones)
Priority: P2 → P1
Whiteboard: [psm-blocked] → [psm-assigned]
Comment on attachment 8939681 [details] [diff] [review]
patch

Review of attachment 8939681 [details] [diff] [review]:
-----------------------------------------------------------------

Confirmed, that timestamp is Firefox 58 + 2 releases = Firefox 60.
Attachment #8939681 - Flags: review?(jjones) → review+
Comment on attachment 8939681 [details] [diff] [review]
patch

Approval Request Comment
[Feature/Bug causing the regression]: n/a
[User impact if declined]: built-in pinning and hsts information would expire before the next update
[Is this code covered by automated tests?]: yes
[Has the fix been verified in Nightly?]: n/a
[Needs manual test from QE? If yes, steps to reproduce]: no
[List of other uplifts needed for the feature/fix]: none
[Is the change risky?]: no
[Why is the change risky/not risky?]: this just increases the expiration time of these data structures - we've done it a number of times now and we're fairly confident in the process
[String changes made/needed]: none
Attachment #8939681 - Flags: approval-mozilla-beta?
Comment on attachment 8939681 [details] [diff] [review]
patch

Important fix. Beta58+.
Attachment #8939681 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
(Reporter)

Comment 7

a year ago
uplift
https://hg.mozilla.org/releases/mozilla-beta/rev/70846c567017
Status: ASSIGNED → RESOLVED
Last Resolved: a year ago
status-firefox58: affected → fixed
Resolution: --- → FIXED
(Reporter)

Updated

a year ago
Blocks: 1427957
(Reporter)

Updated

a year ago
No longer blocks: 1436376
You need to log in before you can comment on or make changes to this bug.