SecurityEngineering/Public Key Pinning: Difference between revisions

← Older edit

SecurityEngineering/Public Key Pinning (view source)

Revision as of 20:11, 23 May 2024

412 bytes removed , 23 May 2024

→‎Implementation status: remove no-longer-pinned sites

Dkeeler

Confirmed users

299

edits

@@ Line 10: / Line 10: @@
 Pinning is supported in Firefox 34 and later on Android.
-We will:
+We currently:
-# Pin all of the sites that Chrome already does (Google, Twitter) by importing chromium's pinset.
+# Pin all of the sites that Chrome already does (mainly Google sites) by importing chromium's pinset.
 # Pin our own sites after auditing them and cleaning them up.
 # Pin other popular sites like Facebook that are in good shape already (with their cooperation, of course)
-=== New sites pinned in Firefox 32 ===
+=== Currently-pinned Sites ===
-* Twitter: twitter.com, api.twitter.com, business.twitter.com, dev.twitter.com, mobile.twitter.com, oauth.twitter.com, platform.twitter.com, twimg.com, www.twitter.com
 * AMO: *.addons.mozilla.org, *.addons.mozilla.net
+* Firefox accounts: *.accounts.firefox.com
 * Mozilla CDN: *.cdn.mozilla.{org,net}, *.media.mozilla.com
-=== New sites pinned in Firefox 33 ===
-* Twitter: *.twitter.com (expanded coverage from 32)
 * Google: too many to list (see everything from https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json with the "google" pinset)
-=== New sites pinned in Firefox 34 ===
-* Firefox accounts: *.accounts.firefox.com
 * TOR
-* Dropbox: www.dropbox.com, dropbox.com
 Tracking bug for pinning all the things: {{bug|1004350}}
@@ Line 42: / Line 35: @@
 * [[SecurityEngineering/Public_Key_Pinning/SiteOperators]]
 * [[SecurityEngineering/Public_Key_Pinning/ReleaseEngineering]]
-* Pinning dashboard: http://people.mozilla.org/~mchew/pinning_dashboard
 * [[SecurityEngineering/Public_Key_Pinning/Implementation_Details]]