Confirmed users
307
edits
Privacy/Features/HSTS Preload List: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 29: | Line 29: | ||
Google maintains a list in their chrome source (https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state_static.json -- look for mode=force-https). We can use this list, since Google has invested in maintaining and sharing it. | Google maintains a list in their chrome source (https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state_static.json -- look for mode=force-https). We can use this list, since Google has invested in maintaining and sharing it. | ||
|Feature implementation plan=* Create a mechanism to import | |Feature implementation plan=* Create a mechanism to import a list of sites using HSTS into the strict transport security service | ||
* Create a mechanism | * Create a mechanism to suck down chrome's list and scrub/reformat it | ||
** | ** Initially this will be done by manually running a script and obtaining a file that we will check in to mozilla-central along with the above import mechanism code | ||
** | ** Periodically the script will be re-run, and any changes will be checked in to mozilla-central. Presumably this would be at least once per release. | ||
** | ** Eventually we (with IT) will set up a server that polls, scrubs and checks in updates to the preload file. | ||
** TBD: Do we land updates to the preload list on branches? | |||
** Currently ssh://hg.mozilla.org/users/dkeeler_mozilla.com/sts-preload has an early version of this script and its output | ** Currently ssh://hg.mozilla.org/users/dkeeler_mozilla.com/sts-preload has an early version of this script and its output | ||
* | * In the future, create a mechanism by which URLs can be used as subscription endpoints | ||
}} | }} | ||
{{FeatureInfo | {{FeatureInfo | ||