Closed Bug 1925127 Opened 20 days ago Closed 19 days ago

align built-in certificate transparency expiration time with ecosystem

Categories

(Core :: Security: PSM, defect, P1)

Product:
Core
Component:
Security: PSM
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
133 Branch
Tracking Flags:
Tracking Status
firefox133 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1925127 - align built-in certificate transparency expiration time with ecosystem r?jschanck
48 bytes, text/x-phabricator-request
Details | Review

Chrome expires certificate transparency information after 70 days (10 weeks) if it doesn't get an update. This puts a bound on the time the CT ecosystem assumes clients will either be updated or will no longer enforce CT by, so it represents the speed at which changes can take place. Our implementation currently expires after 12 weeks if Firefox isn't updated, which increases the latency by 2 weeks. To avoid compatibility issues and potential errors solely in Firefox, we should expire CT information after 10 weeks with no update as well.

Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b8a61a1c09b8 align built-in certificate transparency expiration time with ecosystem r=jschanck

https://hg.mozilla.org/mozilla-central/rev/b8a61a1c09b8

Status: NEW → RESOLVED
Closed: 19 days ago
status-firefox133: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 133 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: