Security/FirefoxOperations: Difference between revisions

Line 137: Line 137:
* [ ] Set HSTS to 31536000 (1 year) (**INFRA-HSTS**)
* [ ] Set HSTS to 31536000 (1 year) (**INFRA-HSTS**)
* [ ] Set HPKP to 5184000 (60 days) (**INFRA-HPKP**)
* [ ] Set HPKP to 5184000 (60 days) (**INFRA-HPKP**)
   * `Public-Key-Pins: max-age=300; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
   * `Public-Key-Pins: max-age=5184000; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=";`
     * Start with max-age set to 5 minutes and increase gradually
     * Start with max-age set to 5 minutes (`max-age=300`) and increase progressively
     * Pin to the EV and DV roots of Digicert
     * The first two pins are for Digicert EV and DV roots, the last two are for Let's Encrypt X3 and X4 intermediates (LE is only used for backup)
   * [ ] If the service is not hosted under `services.mozilla.com`, it must be manually added to [Firefox's preloaded pins](https://dxr.mozilla.org/mozilla-central/source/security/manager/tools/PreloadedHPKPins.json#184).
   * [ ] If the service is not hosted under `services.mozilla.com`, it must be manually added to [Firefox's preloaded pins](https://dxr.mozilla.org/mozilla-central/source/security/manager/tools/PreloadedHPKPins.json#184).
* If service has an admin panels, it must:
* If service has an admin panels, it must:
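Review bot: the example `Public-Key-Pins` header on the new side now carries `max-age=5184000`, but the sub-bullet directly under it still tells operators to start at `max-age=300` and increase progressively, so anyone copying the example on a first deployment skips the ramp-up. Suggest stating next to the example that it shows the final header and that the initial rollout uses the same four pins with `max-age=300`. The new revision also closes the inline code span that the old line left open.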