2
edits
SecurityEngineering/Public Key Pinning/Implementation Details: Difference between revisions
SecurityEngineering/Public Key Pinning/Implementation Details (view source)
Revision as of 20:16, 15 April 2016
, 15 April 2016Update some source file links to reflect post Bug 1164714 reality.
Cykesiopka (talk | contribs) (Update some source file links to reflect post Bug 1164714 reality.) |
|||
| Line 5: | Line 5: | ||
{| | {| | ||
|- | |- | ||
| [https:// | | [https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/StaticHPKPins.h security/manager/ssl/StaticHPKPins.h] | ||
| The built-in preload list. | | The built-in preload list. | ||
|- | |- | ||
| [https:// | | [https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/StaticHPKPins.errors security/manager/ssl/StaticHPKPins.errors] | ||
| A log of debugging information from the last time the preload list was generated. | | A log of debugging information from the last time the preload list was generated. | ||
|- | |- | ||
| Line 17: | Line 17: | ||
| Mozilla-specific information used when generating the preload list. | | Mozilla-specific information used when generating the preload list. | ||
|- | |- | ||
| [https:// | | [https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/PublicKeyPinningService.cpp security/manager/ssl/PublicKeyPinningService.cpp] | ||
| The core of the HPKP implementation. | | The core of the HPKP implementation. | ||
|- | |- | ||
| Line 28: | Line 28: | ||
=== What to do when Firefox's root certs change === | === What to do when Firefox's root certs change === | ||
* Look at | * Look at https://dxr.mozilla.org/mozilla-central/source/security/manager/tools/PreloadedHPKPins.json to see if the root is pinned by anyone. | ||
* If the root is in use, file a Bugzilla bug (Product Core, Component Security:PSM) to request that the pinning list be regenerated and that the corresponding site operators be notified when the root change is checked in (linking back to the root change request bug). | * If the root is in use, file a Bugzilla bug (Product Core, Component Security:PSM) to request that the pinning list be regenerated and that the corresponding site operators be notified when the root change is checked in (linking back to the root change request bug). | ||
=== Something is Broken, and we Think it's Pinning === | === Something is Broken, and we Think it's Pinning === | ||
TODO | TODO | ||