Information
ID: 66
PHID: PHID-TASK-jmgfuy6jupejb3lwgxj3
Author: JasonJAyalaP
Status at Migration Time: resolved
Priority at Migration Time: Wishlist
Description
At the moment we are, just like everyone else, vulnerable to malicious certificate authorities issuing fraudulent SSL certificates.
CA pinning is in the works. References:
- https://bugzilla.mozilla.org/show_bug.cgi?id=744204
- Security/Features/CA pinning functionality - MozillaWiki
- draft-evans-palmer-key-pinning-00
Not perfect: not only pinning the certificate fingerprint, still depending on two CAs, but at least not on a massive number of them.
Once done, we should apply for it.
Related:
T84
Comments
Patrick
2018-07-09 05:20:29 UTC
Patrick
2018-07-14 10:02:20 UTC