SecurityEngineering/Certificate Transparency: Difference between revisions

SecurityEngineering/Certificate Transparency (view source)

77 bytes added , 4 February

m

add note that CT is enabled in release 135 on desktop →‎Certificate Transparency Support in Firefox

Confirmed users

308

edits

@@ Line 2: / Line 2: @@
 == Certificate Transparency Support in Firefox ==
-The security engineering team is actively working to implement Certificate Transparency in Firefox. As of version 133, it is enforced in Nightly by default, meaning that every TLS web server certificate in the public web PKI must be accompanied by sufficient certificate transparency information for Nightly to connect without showing an error page. As of version 134, it is enforced in Beta by default.
+The security engineering team is actively working to implement Certificate Transparency in Firefox. As of version 133, it is enforced in Nightly by default, meaning that every TLS web server certificate in the public web PKI must be accompanied by sufficient certificate transparency information for Nightly to connect without showing an error page. As of version 134, it is enforced in Beta by default. As of version 135, it is enabled by default in Release on desktop platforms.
 Certificate transparency is controlled by the preference ''security.pki.certificate_transparency.mode''. A value of '''0''' disables CT entirely. '''1''' enables CT, but does not enforce it, allowing Firefox to collect telemetry on the implementation and the ecosystem. Setting this preference to '''2''' causes Firefox to enforce CT for certificates issued by roots in [[CA|Mozilla's Root CA Program]].