One of the main reasons we hesitated so long to remove HPKP was in part
because it provided an answer to the concern that static pins privilege
some sites and not others (which in general is not conducive to a
healthy, diverse web). Now that we're disabling HPKP, perhaps we need to
have a
Hi Dana,
One thing I don't see mentioned here is certificate transparency, which, while
not a 1:1 replacement, nevertheless strongly contributes to the same goal of
control over issuance.
Is there a plan to implement SCT verification in Firefox, similar to what
Chrome and Apple have shipped?
Will non-Mozilla websites be eligible to be added into our preload list, or
is it restricted to our own properties?
On Sun, Nov 17, 2019, 8:17 PM Dana Keeler wrote:
> The breadth of the web public key infrastructure (PKI) is both an asset
> and a risk. Websites have a wide range of certificate
Enabling certificate transparency in Firefox mostly depends on policy details
that haven't been worked out yet. But yes, removing HPKP does not depend on CT.
On Monday, November 18, 2019 at 3:08:08 PM UTC-8, alex@gmail.com wrote:
> Hi Dana,
>
> One thing I don't see mentioned here is
The breadth of the web public key infrastructure (PKI) is both an asset
and a risk. Websites have a wide range of certificate authorities (CAs)
to choose from to obtain certificates for their domains. As a
consequence, attackers also have a wide range of potential targets to
try to exploit to