SecurityEngineering/Certificate Transparency
Certificate Transparency (CT) is a system that works to ensure that TLS web server certificates are verifiably publicly disclosed before they can be used, which allows for certificate misissuance to be detected.
Certificate Transparency Support in Firefox
The security engineering team is actively working to implement Certificate Transparency in Firefox. As of version 133, it is enforced in Nightly by default, meaning that every TLS web server certificate in the public web PKI must be accompanied by sufficient certificate transparency information for Nightly to connect without showing an error page. As of version 134, it is enforced in Beta by default. As of version 135, it is enabled by default in Release on desktop platforms.
Certificate transparency is controlled by the preference security.pki.certificate_transparency.mode. A value of 0 disables CT entirely. 1 enables CT, but does not enforce it, allowing Firefox to collect telemetry on the implementation and the ecosystem. Setting this preference to 2 causes Firefox to enforce CT for certificates issued by roots in Mozilla's Root CA Program.
Enterprise Policies
The preference security.pki.certificate_transparency.disable_for_hosts can be used to disable enforcing CT for specific hosts. To do so, specify any number of entries separated by commas. Each entry of the form example.com will disable CT for example.com and all subdomains of that domain. Entries of the form .example.com will disable CT for example.com only. This is intended to be similar to the Chrome enterprise policy CertificateTransparencyEnforcementDisabledForUrls.
The preference security.pki.certificate_transparency.disable_for_spki_hashes can be used to disable enforcing CT for certificate chains where one of the certificates in the chain has a matching subject public key info. To do so, specify any number of entries separated by commas. Each entry must be the base64-encoded sha-256 hash of a certificate's DER-encoded subject public key info. This is intended to be similar to the Chrome enterprise policy CertificateTransparencyEnforcementDisabledForCas, but the sha256/ prefix is not included.
Both of these preferences can be set via policy.
Known CT Logs
The list of known CT logs is compiled into Firefox. This list is derived from Chromium's list and is automatically updated each week in prerelease versions of Firefox.
Each log in the source list is in one of a number of states. Firefox disregards logs that are Pending or Rejected. Firefox considers logs that are Qualified, Usable, or ReadOnly to be Admissible. Firefox makes notes of logs that are Retired, along with the retirement time.
This information has a 10 week expiration time. That is, if 10 weeks have passed since the information has been updated (typically by updating Firefox itself), the implementation will no longer enforce certificate transparency.
CT Policy
Certificate transparency information can be delivered either as signed certificate timestamps (SCTs) embedded in the certificate itself or as SCTs stapled alongside the certificate (via the TLS handshake or in an OCSP response). For a connection to succeed, sufficient certificate transparency information must be provided using either of these methods.
For embedded SCTs, "sufficient" means at least N SCTs from distinct logs that were Admissible or Retired at the time of verification, where N is 2 for certificates with a lifetime of 180 days or less, and 3 otherwise. At least 1 of those SCTs must be from a log that was Admissible at the time of verification. Among those SCTs, at least 2 must be from distinct log operators.
For SCTs delivered via the TLS handshake or an OCSP response, "sufficient" means at least 2 SCTs from distinct log operators that were Admissible at the time of verification.
CT Log Policy
TK