Open
Bug 951437
Opened 11 years ago
Updated 1 year ago
hsts preload list: make error reporting more clear when we're keeping a site on the list that we can't connect to
Categories
(Core :: Security: PSM, defect, P5)
Core
Security: PSM
Tracking
()
NEW
People
(Reporter: keeler, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [psm-cleanup][hsts])
Currently we keep sites on the preload list that are already on our list even if we can't connect to them (on the grounds that we shouldn't drop a site if there's a temporary network disruption). However, when the script makes the nsSTSPreloadList.errors file, the output makes it look like those sites are not on the list. We should add a note like "(but we kept it because it was on the list previously)". https://twitter.com/unhush/status/413023924138426368
Reporter | ||
Updated•8 years ago
|
Whiteboard: [psm-cleanup]
Reporter | ||
Updated•7 years ago
|
Priority: -- → P5
This should ideally make a clear distinction between client-side errors, such as the task failing because of local errors like DNS timeouts or refused queries, and server-side errors, such as the DNS record not being present, the associated IP address(es) being unreachable, the certificate having expired, the 'max-age' value being too short, etc.
Updated•5 years ago
|
Whiteboard: [psm-cleanup] → [psm-cleanup][hsts]
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•