SecurityEngineering/Public Key Pinning/ReleaseEngineering: Difference between revisions
Jump to navigation
Jump to search
| Line 13: | Line 13: | ||
# Push a hotfix to disable the pinning pref. In case pinning breaks AMO, this will not be possible. | # Push a hotfix to disable the pinning pref. In case pinning breaks AMO, this will not be possible. | ||
# Push a chemspill. | # Push a chemspill. | ||
# Wait 8 weeks until the pinset expires once it reaches stable. | |||
== How long do updates take? == | == How long do updates take? == | ||
Revision as of 23:45, 22 May 2014
Whom to contact in case of emergency
seceng@mozilla.org
Implementation status
Pinning is enabled by default in Nightly 32.
What critical Mozilla properties are we planning to pin?
- AMO
- aus4 is under question. We have a meeting with rstrong to discuss what, if any, benefits pinning provides over verifying the signature on the actual binaries and requiring those come from a known issuer. The drawback of pinning the updater is that we may break ourselves.
How to rollback pinning for Firefox
Pinning is controlled by a preference, security.cert_pinning.enforcement_level. To disable pinning, set this pref to 0. In case of emergency, we can
- Push a hotfix to disable the pinning pref. In case pinning breaks AMO, this will not be possible.
- Push a chemspill.
- Wait 8 weeks until the pinset expires once it reaches stable.
How long do updates take?
- Hotfix: almost all users in 2 days
- Chemspill: unknown
- Fennec (Google play): Majority users in 2 days
What about other platforms besides desktop?
In bug 1012882, we decided to not pin on b2g right now, and (maybe) to wait for a couple of cycles to pin on Fennec.