Closed
Bug 1931437
Opened 3 months ago
Closed 3 months ago
provide a mechanism for enterprises to skip certificate transparency enforcement for specified hosts/certificates
Categories
(Core :: Security: PSM, enhancement, P1)
Tracking
RESOLVED
FIXED
134 Branch
| | Tracking | Status |
|---|---|---|
| firefox134 | --- | fixed |
People
(Reporter: keeler, Assigned: keeler)
References
(Blocks 1 open bug)
Details
(Whiteboard: [psm-assigned])
Attachments
(2 files)
Evidently some organizations make use of certificates issued by CAs in the web PKI that aren't publicly disclosed in certificate transparency. To enable these certificates to continue working without disabling certificate transparency entirely, we should implement a mechanism to skip enforcing CT for certain hosts and certificates.
(cf. https://chromeenterprise.google/policies/#CertificateTransparencyEnforcementDisabledForCas and https://chromeenterprise.google/policies/#CertificateTransparencyEnforcementDisabledForUrls)
Assignee
Comment 1•3 months ago
Assignee
Comment 2•3 months ago
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c2c1f5446544
reorganize CertVerifier::VerifyCertificateTransparencyPolicy for clarity and future changes r=jschanck
https://hg.mozilla.org/integration/autoland/rev/330315d68b20
a mechanism to selectively skip certificate transparency enforcement r=jschanck,mkaply
Comment 4•3 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/c2c1f5446544
https://hg.mozilla.org/mozilla-central/rev/330315d68b20
Status: NEW → RESOLVED
Closed: 3 months ago
status-firefox134: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 134 Branch