Security/Features/CA pinning functionality: Difference between revisions

no edit summary
mNo edit summary
No edit summary
Line 19: Line 19:
|Feature functional spec=See https://tools.ietf.org/html/draft-evans-palmer-key-pinning .
|Feature functional spec=See https://tools.ietf.org/html/draft-evans-palmer-key-pinning .


As the draft suggests (but does not require) in 6.1, we should require 2 or more pins, 1 of which is not used in the currently-served chain. This reduces the ability of people to shoot themselves in the foot and will preserve the good reputation of the technology.
We should also consider _requiring_ a breakv code, and talk to the authors about making that a spec requirement.
|Feature ux design=The draft recommends that users have ways of querying which domains are pinned. We need to consider whether we think this is necessary and, if so, how to do it. (Perhaps integrated with the history view?)
|Feature ux design=The draft recommends that users have ways of querying which domains are pinned. We need to consider whether we think this is necessary and, if so, how to do it. (Perhaps integrated with the history view?)
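Review bot: The added sentence requiring 2 or more pins, 1 of which is not used in the currently-served chain, does not say what the client does with a header that fails that rule. State whether such a header is ignored entirely or treated as an error, and how the client decides that a pin is "not used in the currently-served chain" (for instance, that no certificate in the validated chain matches it). The second added line refers to a "breakv code" without defining it or citing the draft section that covers it; a section reference alongside the existing "6.1" citation would make the proposal checkable against the draft.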

