Re: [squid-users] SSL Bump and certificate pinning

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Mon, 01 Sep 2014 17:09:03 +0300

On 09/01/2014 01:19 PM, Antony Stone wrote:
> From https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
>
> Starting with FF 32, it's on by default, so you don't have to do anything. The
> pinning level is enforced by a pref, security.cert_pinning.enforcement_level
>
> 0. Pinning disabled
> 1. Allow User MITM (pinning not enforced if the trust anchor is a user
> inserted CA, default)
> 2. Strict. Pinning is always enforced.
> 3. Enforce test mode.
>
> That seems to me to say that if the root of the certificate chain is a user-
> added cert, pinning will not be enforced, therefore the user isn't affected?

Hey Antony,

It means that if the user disables the pinning check, it will work.
I assume they will choose option 2 of the 4, but it's different from
Chrome, which does not allow you to disable pinning at all for google.com.

Eliezer
Received on Mon Sep 01 2014 - 14:09:08 MDT