SecurityEngineering/Public Key Pinning/SiteOperators: Difference between revisions

From MozillaWiki

Revision as of 23:01, 22 May 2014

Help, I need to change my pinset!

File a bug under the Core::Security:PSM component with changes to your pinset: https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Security%3A%20PSM

How much notice do I need to give for pinset changes?

Firefox is on a 6-week cycle, with 4 different trains: Nightly, Aurora, Beta, Release. For the next merge date, please see RapidRelease/Calendar.

Ideally we'd like to have 18 weeks' notice before any pinset changes, in order to have adequate time for testing and uplifting (if necessary) to Aurora.

12 weeks is the absolute minimum amount of time we need to make changes.

How can you test your pins?

  1. Go to about:config and make sure that security.cert_pinning.enforcement_level is set to 1 (allow user-specified trust anchors to override pinning checks) or 2 (strict mode).
  2. Visit https://pinningtest.appspot.com to make sure you see a warning.
  3. Visit all your sites!