Closed
Bug 1630038
Opened 5 years ago
Closed 5 years ago
remove HPKP (http public key pinning) entirely (not built-in pins)
Categories
(Core :: Security: PSM, task, P1)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla78
People
(Reporter: keeler, Assigned: keeler)
References
Details
(Whiteboard: [psm-assigned])
Attachments
(1 file)
HPKP is disabled by default (bug 1412438). Due to socket process work, it has already become a maintenance burden (see bug 1485652). This bug will remove HPKP entirely. (NB: HPKP refers to "http public key pinning", which is the ability to set pins via a http header. Static pins shipped with the browser will not be affected by this.)
Assignee | ||
Comment 1•5 years ago
|
||
This removes processing of HTTP Public Key Pinning headers, remotely modifying
pinning information, and using cached pinning information, all of which was
already disabled in bug 1412438. Static pins that ship with the browser are
still enforced.
Assignee | ||
Updated•5 years ago
|
Severity: -- → N/A
status-firefox75:
--- → wontfix
status-firefox76:
--- → wontfix
status-firefox77:
--- → wontfix
status-firefox78:
--- → affected
status-firefox-esr68:
--- → wontfix
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/924f613d68ab
remove HPKP entirely r=kjacobs,bbeurdouche
Comment 3•5 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla78
You need to log in
before you can comment on or make changes to this bug.
Description
•