Enforce Certificate Transparency in release on desktop
Categories: Core :: Security: PSM, enhancement, P1
People: Reporter: tschuster, Assigned: keeler
References: Blocks 1 open bug
Details: Keywords: dev-doc-complete, Whiteboard: [psm-assigned]
Attachments: 2 files (text/x-phabricator-request, 48 bytes each); phab-bot: approval-mozilla-beta+

Comment 4 (Reporter) • 20 days ago
Awesome! Please consider requesting a release note for this.

Comment 5 (Assignee) • 20 days ago
Original Revision: https://phabricator.services.mozilla.com/D235059

Comment 6 • 20 days ago
beta Uplift Approval Request
- User impact if declined: delays rolling out enforcing certificate transparency
- Code covered by automated testing: yes
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: n/a
- Risk associated with taking this patch: low
- Explanation of risk level: This flips the pref to enable CT in release. We have good test coverage and already ran an experiment that indicated this shouldn't cause issues.
- String changes made/needed: none
- Is Android affected?: no

Comment 7 • 19 days ago
I'll echo the release note request.

Comment 9 • 19 days ago
Dana, please request an MDN update for the same too: https://developer.mozilla.org/en-US/docs/Web/Security/Certificate_Transparency

Comment 10 (Assignee) • 18 days ago
Release Note Request (optional, but appreciated)
[Why is this notable]: certificate transparency is an industry standard for ensuring that certificates are publicly disclosed before web browsers will trust them. Firefox (desktop) will now finally enforce this.
[Affects Firefox for Android]: no - certificate transparency is not enabled on Android for now
[Suggested wording]: On desktop platforms, Firefox will now enforce certificate transparency. That is, Firefox will require that web servers provide sufficient proof that their certificates were publicly disclosed before trusting them. This will only affect servers using certificates issued by a certificate authority in Mozilla's Root CA Program.
[Links (documentation, blog post, etc)]: https://developer.mozilla.org/en-US/docs/Web/Security/Certificate_Transparency, https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency

Comment 12 • 15 days ago
FF135 MDN docs for this can be tracked in https://github.com/mdn/content/issues/37811. FYI Dana, this links the doc change you made, but also includes an MDN release note https://github.com/mdn/content/pull/37812. I'm in discussion about whether we can/should include compatibility data.

Comment 13 (Assignee) • 15 days ago
Thank you! Let me know if there's anything else I need to do.

Comment 14 • 14 days ago
Thanks Dana. There isn't, unless you want to review the linked PRs. But they don't AFAIK say anything "new" so should be OK.