Require COSE signatures for extensions
Categories
(Core :: Security: PSM, enhancement, P2)
People
(Reporter: dveditz, Unassigned)
Details
(Whiteboard: [psm-blocked])
Currently the value of "security.signed_app_signatures.policy" is "2", which will verify COSE extensions if present but accepts weak SHA-1 file hashes for PKCS#7 signatures.
We've had a long transition period and would like to now require the use of COSE signatures by changing the value of that pref to "4".
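Before the pref moves from "2" to "4", it helps to know which installed extensions carry a COSE signature at all and which have only SHA-1 hashes in their PKCS#7 manifest. The following is an added example, not code from this bug or from Firefox; the `META-INF` file names are assumptions about the signed-XPI layout, the sample archives are constructed, and the check looks at presence only and verifies no signature.

```python
import io
import re
import zipfile

# Assumed file names inside a signed XPI; they are not stated in the bug.
PKCS7_MANIFEST = "META-INF/manifest.mf"
COSE_FILES = ("META-INF/cose.manifest", "META-INF/cose.sig")
# Matches per-file hash lines such as "SHA1-Digest: ..." in the manifest.
DIGEST_RE = re.compile(r"^([A-Za-z0-9]+)-Digest:", re.MULTILINE)


def audit_xpi(data: bytes) -> dict:
    """Report which signature material one XPI (raw bytes) carries."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        has_cose = all(n in names for n in COSE_FILES)
        digests = set()
        if PKCS7_MANIFEST in names:
            text = zf.read(PKCS7_MANIFEST).decode("utf-8", "replace")
            digests = {m.upper() for m in DIGEST_RE.findall(text)}
    # True when the PKCS#7 manifest offers nothing stronger than SHA-1/MD5,
    # the case the description says policy "2" still accepts.
    weak_only = bool(digests) and digests <= {"SHA1", "MD5"}
    return {
        "has_cose": has_cose,
        "pkcs7_digests": sorted(digests),
        "weak_pkcs7_only": weak_only,
    }


def make_sample(with_cose: bool) -> bytes:
    """Build a constructed, unsigned stand-in for an XPI (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("manifest.json", "{}")
        zf.writestr(PKCS7_MANIFEST,
                    "Manifest-Version: 1.0\n\nName: manifest.json\n"
                    "SHA1-Digest: AAAA\n")
        if with_cose:
            for name in COSE_FILES:
                zf.writestr(name, b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, cose in (("pkcs7-only", False), ("with-cose", True)):
        print(label, audit_xpi(make_sample(cose)))
```

Extensions reported with `has_cose` false are the ones that would need re-signing before COSE is required.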
Comment 1•5 years ago
We're still confirming (though sounds very close) - that this should not land until Firefox 70. Will update bug title to include that to avoid landing in an earlier version of Firefox.
Comment 2•5 years ago
(In reply to :shell escalante from comment #1)
> We're still confirming (though sounds very close) - that this should not land until Firefox 70. Will update bug title to include that to avoid landing in an earlier version of Firefox.
I'm currently asking around to try and figure out where we are on this. Requiring COSE will not ship in 70. Good to get the validation out in 69 for testing.
This has been on hold for a while, so I'm going to wontfix this for now.
Updated•2 years ago