[tbb-bugs] #16206 [Tor Browser]: set security.cert_pinning.enforcement_level to 2 ("Strict. Pinning is always enforced")

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed May 27 09:06:15 UTC 2015


#16206: set security.cert_pinning.enforcement_level to 2 ("Strict. Pinning is
always enforced")
-----------------------------+----------------------------------------
     Reporter:  dkg          |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  hpkp, TorBrowserTeam201505
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+----------------------------------------
Changes (by gk):

 * keywords:  hpkp => hpkp, TorBrowserTeam201505


Comment:

 There is actually https://bugzilla.mozilla.org/show_bug.cgi?id=1059392
 proposing to switch to level 2 by default. As we have backported cert
 pinning for our updater we might want to have that earlier than August
 when the move to ESR 38 is planned.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16206#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list