SecurityEngineering/Certificate Transparency: Difference between revisions

mention this only applies to the public web PKI
(document enterprise policies for disabling CT for specific hosts/certificates)
(mention this only applies to the public web PKI)
Line 2: Line 2:


== Certificate Transparency Support in Firefox ==
== Certificate Transparency Support in Firefox ==
The security engineering team is actively working to implement Certificate Transparency in Firefox. As of version 133, it is enforced in Nightly by default, meaning that every TLS web server certificate must be accompanied by sufficient certificate transparency information for Nightly to connect without showing an error page. As of version 134, it is enforced in Beta by default.
The security engineering team is actively working to implement Certificate Transparency in Firefox. As of version 133, it is enforced in Nightly by default, meaning that every TLS web server certificate in the public web PKI must be accompanied by sufficient certificate transparency information for Nightly to connect without showing an error page. As of version 134, it is enforced in Beta by default.


Certificate transparency is controlled by the preference ''security.pki.certificate_transparency.mode''. A value of '''0''' disables CT entirely. '''1''' enables CT, but does not enforce it, allowing Firefox to collect telemetry on the implementation and the ecosystem. Setting this preference to '''2''' causes Firefox to enforce CT for certificates issued by roots in [[CA|Mozilla's Root CA Program]].
Certificate transparency is controlled by the preference ''security.pki.certificate_transparency.mode''. A value of '''0''' disables CT entirely. '''1''' enables CT, but does not enforce it, allowing Firefox to collect telemetry on the implementation and the ecosystem. Setting this preference to '''2''' causes Firefox to enforce CT for certificates issued by roots in [[CA|Mozilla's Root CA Program]].
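
Review bot: The qualifier "in the public web PKI" added to the version 133 sentence is not defined anywhere in this section, while the unchanged mode paragraph scopes enforcement with a different phrase, "certificates issued by roots in [[CA|Mozilla's Root CA Program]]". Suggest using one term in both places, or saying in the first paragraph that the public web PKI here means those roots, so a reader can tell which certificates mode '''2''' will reject when CT information is missing. The statement "As of version 134, it is enforced in Beta by default" would also read more clearly if it repeated the same scope.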