15
edits
Security/Binary Transparency: Difference between revisions
Security/Binary Transparency (view source)
Revision as of 19:30, 24 February 2017
, 24 February 2017Specify that suffix is fx-trans.net
(Created page with "= Goal = Allow third parties to verify that all Firefox binaries are public, i.e., that they have gotten the same version as the rest of the world and not a special, possibly...") |
(Specify that suffix is fx-trans.net) |
||
| Line 46: | Line 46: | ||
## The version label for the release, with “.” characters changed to “-” | ## The version label for the release, with “.” characters changed to “-” | ||
## A label for the version of binary transparency scheme used to generate this tree head, currently “0” | ## A label for the version of binary transparency scheme used to generate this tree head, currently “0” | ||
## | ## The fixed domain name suffix <code>fx-trans.net<code> | ||
## For example, if the Merkle tree head for Firefox 51.0b9 is <code>151eec404a908104927fdb411d4f73accc6ed5bba41d85b0ae44107694c5f8f1<code>, then the resulting domain name is <code>151eec404a908104927fdb411d4f73ac.cc6ed5bba41d85b0ae44107694c5f8f1.51-0b9.0. | ## For example, if the Merkle tree head for Firefox 51.0b9 is <code>151eec404a908104927fdb411d4f73accc6ed5bba41d85b0ae44107694c5f8f1<code>, then the resulting domain name is <code>151eec404a908104927fdb411d4f73ac.cc6ed5bba41d85b0ae44107694c5f8f1.51-0b9.0.fx-trans.net</code> | ||
# Obtain a certificate containing that domain name. | # Obtain a certificate containing that domain name. | ||
# Submit the certificate to a Certificate Transparency log. | # Submit the certificate to a Certificate Transparency log. | ||
TBD: | TBD: | ||
* Which CA(s) will be used to issue certificates | * Which CA(s) will be used to issue certificates | ||
* Which log(s) will be used to log certificates | * Which log(s) will be used to log certificates | ||