Closed Bug 1925127 Opened 27 days ago Closed 27 days ago

align built-in certificate transparency expiration time with ecosystem

Categories

(Core :: Security: PSM, defect, P1)

defect

Tracking

()

RESOLVED FIXED
133 Branch
Tracking Status
firefox133 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Chrome expires certificate transparency information after 70 days (10 weeks) if it doesn't get an update. This puts a bound on the time the CT ecosystem assumes clients will either be updated or will no longer enforce CT by, so it represents the speed at which changes can take place. Our implementation currently expires after 12 weeks if Firefox isn't updated, which increases the latency by 2 weeks. To avoid compatibility issues and potential errors solely in Firefox, we should expire CT information after 10 weeks with no update as well.

Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b8a61a1c09b8 align built-in certificate transparency expiration time with ecosystem r=jschanck
Status: NEW → RESOLVED
Closed: 27 days ago
Resolution: --- → FIXED
Target Milestone: --- → 133 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: