SecurityEngineering/Public Key Pinning/ReleaseEngineering

From MozillaWiki

< SecurityEngineering‎ | Public Key Pinning

Revision as of 23:45, 22 May 2014 by Mmc (talk | contribs) (→‎How to rollback pinning for Firefox)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Whom to contact in case of emergency

seceng@mozilla.org

Implementation status

Pinning is enabled by default in Nightly 32.

What critical Mozilla properties are we planning to pin?

AMO
aus4 is under question. We have a meeting with rstrong to discuss what, if any, benefits pinning provides over verifying the signature on the actual binaries and requiring those come from a known issuer. The drawback of pinning the updater is that we may break ourselves.

How to rollback pinning for Firefox

Pinning is controlled by a preference, security.cert_pinning.enforcement_level. To disable pinning, set this pref to 0. In case of emergency, we can

Push a hotfix to disable the pinning pref. In case pinning breaks AMO, this will not be possible.
Push a chemspill.
Wait 8 weeks until the pinset expires once it reaches stable.

How long do updates take?

Hotfix: almost all users in 2 days
Chemspill: unknown
Fennec (Google play): Majority users in 2 days

What about other platforms besides desktop?

In bug 1012882, we decided to not pin on b2g right now, and (maybe) to wait for a couple of cycles to pin on Fennec.

Retrieved from "https://wiki.allizom.org/index.php?title=SecurityEngineering/Public_Key_Pinning/ReleaseEngineering&oldid=981897"