Closed Bug 1927085 Opened 4 months ago Closed 20 days ago

Enforce Certificate Transparency in release on desktop

Categories

(Core :: Security: PSM, enhancement, P1)

Tracking

RESOLVED FIXED
136 Branch
Tracking Status
relnote-firefox --- 135+
firefox135 --- fixed
firefox136 --- fixed

People

(Reporter: tschuster, Assigned: keeler)

References

(Blocks 1 open bug)

Details

(Keywords: dev-doc-complete, Whiteboard: [psm-assigned])

Attachments

(2 files)

No description provided.
Assignee: nobody → dkeeler
Severity: -- → N/A
Type: task → enhancement
Priority: -- → P1
Summary: Enforce Certificate Transparency on release → Enforce Certificate Transparency in release on desktop
Whiteboard: [psm-assigned]
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4d679baa3086
enforce certificate transparency in release on desktop r=jschanck
Status: NEW → RESOLVED
Closed: 20 days ago
Resolution: --- → FIXED
Target Milestone: --- → 136 Branch

Awesome! Please consider requesting a release note for this.

Flags: needinfo?(dkeeler)
Attachment #9461107 - Flags: approval-mozilla-beta?

beta Uplift Approval Request

  • User impact if declined: delays rolling out enforcing certificate transparency
  • Code covered by automated testing: yes
  • Fix verified in Nightly: yes
  • Needs manual QE test: no
  • Steps to reproduce for manual QE testing: n/a
  • Risk associated with taking this patch: low
  • Explanation of risk level: this flips the pref to enable CT in release. We have good test coverage and already ran an experiment that indicated this shouldn't cause issues.
  • String changes made/needed: none
  • Is Android affected?: no

I'll echo the release note request.

Attachment #9461107 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Release Note Request (optional, but appreciated)
[Why is this notable]: certificate transparency is an industry standard for ensuring that certificates are publicly disclosed before web browsers will trust them. Firefox (desktop) will now finally enforce this.
[Affects Firefox for Android]: no - certificate transparency is not enabled on Android for now
[Suggested wording]: On desktop platforms, Firefox will now enforce certificate transparency. That is, Firefox will require that web servers provide sufficient proof that their certificates were publicly disclosed before trusting them. This will only affect servers using certificates issued by a certificate authority in Mozilla's Root CA Program.
[Links (documentation, blog post, etc)]: https://developer.mozilla.org/en-US/docs/Web/Security/Certificate_Transparency, https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency

relnote-firefox: --- → ?
Flags: needinfo?(dkeeler)

FF135 MDN docs for this can be tracked in https://github.com/mdn/content/issues/37811. FYI Dana, this links the doc change you made, but also includes an MDN release note https://github.com/mdn/content/pull/37812. I'm in discussion about whether we can/should include compatibility data.

Thank you! Let me know if there's anything else I need to do.

Thanks Dana. There isn't, unless you want to review the linked PRs. But they don't AFAIK say anything "new" so should be OK.

Added to the Fx135 relnotes.
