Security/FirefoxOperations: Difference between revisions

Jump to navigation Jump to search

Security/FirefoxOperations (view source)

Revision as of 15:15, 27 September 2016

119 bytes added ,  27 September 2016
no edit summary
No edit summary
No edit summary
Line 128: Line 128:


<source lang:markdown>
<source lang:markdown>
* [ ] The service must have performed a Rapid Risk Assessment and have a Risk Record bug (**SVC-RRA**).
Infrastructure rules
Infrastructure rules
--------------------
--------------------


* [ ] Use [Modern TLS](https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility) (**INFRA-TLS**)
* [ ] Use [Intermediate TLS](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility) (**INFRA-TLS**)
* [ ] Set HSTS to 31536000 (1 year) (**INFRA-HSTS**)
* [ ] Set HSTS to 31536000 (1 year) (**INFRA-HSTS**)
* [ ] Set HPKP to 5184000 (60 days) (**INFRA-HPKP**)
* [ ] Set HPKP to 5184000 (60 days) (**INFRA-HPKP**)
Line 194: Line 197:
* If the service pushes data to Firefox, like when distributing blacklists or pushing updates, cryptographic signatures must be used. (**DATA-SIGN**)
* If the service pushes data to Firefox, like when distributing blacklists or pushing updates, cryptographic signatures must be used. (**DATA-SIGN**)
   * [ ] Addons must use standard AMO signing (**APP-SIGNING**)
   * [ ] Addons must use standard AMO signing (**APP-SIGNING**)
   * [ ] Code & Conf must use Content-Signature via
   * [ ] Code & Conf must use Content-Signature via [Autograph](https://github.com/mozilla-services/autograph) (**DATA-SIGNING**)
[Autograph](https://github.com/mozilla-services/autograph) (**DATA-SIGNING**)
 
</source>
</source>


Ulfr
Confirmed users
529

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1149412"

Navigation menu