Closed Bug 1828703 Opened 2 years ago Closed 2 years ago

Remove Dropbox from Firefox static key pins (SPKP)

Categories

(Core :: Security: PSM, task, P1)

All
Unspecified
task

Tracking

()

RESOLVED FIXED
114 Branch
Tracking Status
firefox114 --- fixed

People

(Reporter: April, Assigned: keeler)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

Hey there, security folks. Long time no see. :)

Dropbox was recently contacted by the Chromium Security team, asking if we still wanted to be included in the Chromium static key pins. We have declined to remain included, and would like to have our pins removed from Firefox as we now believe that CAA and certificate transparency is sufficient for our needs.

I'll send an email to the pinning@ and security@ email account soon to help confirm, and I've also CC'd Dan Fuhry from Dropbox's Traffic team on this bug.

Thanks!

It seems the pinning@ list isn't working properly, so April reached out to me via Twitter.

Assignee: nobody → dkeeler
Severity: -- → N/A
Priority: -- → P1
Whiteboard: [psm-assigned]
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/be2884fe0d69 remove dropbox from preloaded pins r=jschanck
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 114 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: