separate public key pinning implementation from HSTS implementation
Categories
(Core :: Security: PSM, task, P1)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox91 | --- | fixed |
People
(Reporter: keeler, Assigned: keeler)
Details
(Whiteboard: [psm-assigned])
Attachments
(3 files)
The public key pinning implementation is much less complex than the HSTS implementation, and only needs a small subset of the parameters of the latter. Furthermore, the information it relies on is static, and so is safe to access from content processes. The aim of this bug is to separate the two implementations, thus simplifying both of them and avoiding some unnecessary IPC calls.
Comment 1•3 years ago (Assignee)
This patch converts the pinning preference
"security.cert_pinning.enforcement_level" to be static. It also removes some
unused pinning preferences and parameters.
Comment 2•3 years ago (Assignee)
The public key pinning implementation is much less complex than the HSTS
implementation, and only needs a small subset of the parameters of the latter.
Furthermore, the information it relies on is static, and so is safe to access
from content processes. This patch separates the two implementations, thus
simplifying both of them and avoiding some unnecessary IPC calls in the
process.
Depends on D117095
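The distinction drawn in the description and in this commit message, as a simplified model added here (not Firefox code and not taken from the patches): a pin check is a read-only lookup in compiled-in data, while HSTS keeps per-host state that is learned and expires at run time. `kStaticPins`, `FindPins`, `ChainSatisfiesPins` and `HstsStore` are hypothetical names, and the hosts and pin strings are constructed placeholders.

```cpp
#include <map>
#include <string>
#include <vector>

// Constructed sample data: hosts and pin strings are placeholders.
struct PinEntry {
  const char* host;
  bool includeSubdomains;
  std::vector<std::string> spkiHashes;  // acceptable public-key hashes
};
static const std::vector<PinEntry> kStaticPins = {
    {"pinned.example", true, {"PLACEHOLDER-PIN-A", "PLACEHOLDER-PIN-B"}},
    {"exact.example", false, {"PLACEHOLDER-PIN-C"}},
};
// Pinning: a read-only lookup in compiled-in data. Nothing is learned or
// written at run time, so any process can answer it locally.
const PinEntry* FindPins(std::string host) {
  for (bool exact = true;; exact = false) {
    for (const PinEntry& e : kStaticPins)
      if (host == e.host && (exact || e.includeSubdomains)) return &e;
    std::string::size_type dot = host.find('.');
    if (dot == std::string::npos) return nullptr;
    host.erase(0, dot + 1);  // retry with the parent domain
  }
}
bool ChainSatisfiesPins(const std::string& host,
                        const std::vector<std::string>& chainSpkiHashes) {
  const PinEntry* pins = FindPins(host);
  if (!pins) return true;  // host is not pinned: nothing to enforce
  for (const std::string& seen : chainSpkiHashes)
    for (const std::string& pin : pins->spkiHashes)
      if (seen == pin) return true;
  return false;
}
// HSTS: per-host state learned from response headers. It changes and
// expires at run time, so one owner holds it and other processes must ask.
class HstsStore {
  std::map<std::string, long> mExpiry;  // host -> expiry time in seconds
 public:
  void ProcessHeader(const std::string& host, long now, long maxAge) {
    if (maxAge == 0) mExpiry.erase(host); else mExpiry[host] = now + maxAge;
  }
  bool IsSecure(const std::string& host, long now) const {
    auto it = mExpiry.find(host);
    return it != mExpiry.end() && it->second > now;
  }
};
int main() {  // exit status 0 when a pinned host presents an expected key
  return ChainSatisfiesPins("www.pinned.example", {"PLACEHOLDER-PIN-B"}) ? 0 : 1;
}
```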
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ab3060a5f69e
convert pinning to use a static pref r=rmf
https://hg.mozilla.org/integration/autoland/rev/83206685ca0b
introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers
Comment 4•3 years ago
Backed out for causing marionette failures on test_navigation.py and mochitest failures on browser_setIgnoreCertificateErrors.js.
Comment 5•3 years ago (Assignee)
Previously, SetDisableAllSecurityChecksAndLetAttackersInterceptMyData would
only work as expected if another operation happened to clear the TLS session
cache (namely, changing a preference that caused nsNSSComponent to change its
TLS options and clear the TLS session cache). This patch ensures that this
function works without relying on such coincidences.
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f8a7bd4519c6
clear the TLS session cache in SetDisableAllSecurityChecksAndLetAttackersInterceptMyData r=rmf
https://hg.mozilla.org/integration/autoland/rev/f58d5156f332
convert pinning to use a static pref r=rmf
https://hg.mozilla.org/integration/autoland/rev/7e67994f6a65
introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers
Comment 7•3 years ago
Backed out for causing build bustages.
Backout link: https://hg.mozilla.org/integration/autoland/rev/527778a530059e97f862f725986b9f54b1dd32fd
Failure log: https://treeherder.mozilla.org/logviewer?job_id=342532103&repo=autoland&lineNumber=1994
https://treeherder.mozilla.org/logviewer?job_id=342532058&repo=autoland&lineNumber=1254
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1051579018f1
clear the TLS session cache in SetDisableAllSecurityChecksAndLetAttackersInterceptMyData r=rmf
https://hg.mozilla.org/integration/autoland/rev/6a10fc0722ef
convert pinning to use a static pref r=rmf
https://hg.mozilla.org/integration/autoland/rev/8fa99e3f1e73
introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers
Comment 9•3 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/1051579018f1
https://hg.mozilla.org/mozilla-central/rev/6a10fc0722ef
https://hg.mozilla.org/mozilla-central/rev/8fa99e3f1e73