SecurityEngineering/Public Key Pinning/Implementation Details: Difference between revisions

Update some source file links to reflect post Bug 1164714 reality.
 
Line 5: Line 5:
{|
{|
|-
|-
| [https://mxr.mozilla.org/mozilla-central/source/security/manager/boot/src/StaticHPKPins.h security/manager/boot/src/StaticHPKPins.h]
| [https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/StaticHPKPins.h security/manager/ssl/StaticHPKPins.h]
| The built-in preload list.
| The built-in preload list.
|-
|-
| [https://mxr.mozilla.org/mozilla-central/source/security/manager/boot/src/StaticHPKPins.errors security/manager/boot/src/StaticHPKPins.errors]
| [https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/StaticHPKPins.errors security/manager/ssl/StaticHPKPins.errors]
| A log of debugging information from the last time the preload list was generated.
| A log of debugging information from the last time the preload list was generated.
|-
|-
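Review bot: The replaced StaticHPKPins.h and StaticHPKPins.errors links in this hunk still target the moving tip of mozilla-central, so they will go stale again the next time the files are relocated, which is the situation this revision is repairing after the move from security/manager/boot/src/ to security/manager/ssl/. Consider adding a short note next to the table naming Bug 1164714 as the change that moved these files, so readers arriving from older references can map the old paths to the new ones.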
Line 17: Line 17:
| Mozilla-specific information used when generating the preload list.
| Mozilla-specific information used when generating the preload list.
|-
|-
| [https://mxr.mozilla.org/mozilla-central/source/security/manager/boot/src/PublicKeyPinningService.cpp security/manager/boot/src/PublicKeyPinningService.cpp]
| [https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/PublicKeyPinningService.cpp security/manager/ssl/PublicKeyPinningService.cpp]
| The core of the HPKP implementation.
| The core of the HPKP implementation.
|-
|-
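Review bot: The row whose description opens this hunk ("Mozilla-specific information used when generating the preload list.") has no changed link line in the diff, so its link was left as it was while the PublicKeyPinningService.cpp row below it moved from mxr to dxr. Please check that row's link as well and switch it to the dxr host if it still uses mxr, so the table does not mix the two hosts.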
Line 28: Line 28:


=== What to do when Firefox's root certs change ===
=== What to do when Firefox's root certs change ===
* Look at http://mxr.mozilla.org/mozilla-central/source/security/manager/tools/PreloadedHPKPins.json to see if the root is pinned by anyone.
* Look at https://dxr.mozilla.org/mozilla-central/source/security/manager/tools/PreloadedHPKPins.json to see if the root is pinned by anyone.
* If the root is in use, file a Bugzilla bug (Product Core, Component Security:PSM) to request that the pinning list be regenerated and that the corresponding site operators be notified when the root change is checked in (linking back to the root change request bug).
* If the root is in use, file a Bugzilla bug (Product Core, Component Security:PSM) to request that the pinning list be regenerated and that the corresponding site operators be notified when the root change is checked in (linking back to the root change request bug).


=== Something is Broken, and we Think it's Pinning ===
=== Something is Broken, and we Think it's Pinning ===
TODO
TODO
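Review bot: In the first bullet under "What to do when Firefox's root certs change", the new link keeps the path security/manager/tools/PreloadedHPKPins.json, while every other link touched in this revision moved from security/manager/boot/src/ to security/manager/ssl/. Please confirm that the tools/ directory was not affected by the same move, because this bullet is the step used to find out whether a root is pinned and a dead link there stalls the whole procedure.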