X
Nhấn vào đây để đến phiên bản di động của trang web.

Diễn đàn trợ giúp

when will Mozilla support Expect-CT, a new security header

Được đăng

"Expect-CT is a new security header which is, at the moment, only supported by Chrome and Opera browsers. It allows a website to instruct the browser to reject any certificate not found in Certificate Transparency, a read-only public log of certificates which can be audited. Because Expect-CT is an HTTP header, it is a trust-on-first-use protocol that relies on long-term caching to ensure security. While Expect-CT does not prevent a compromised Certificate Authority from issuing a fake certificate, it does limit the damage by forcing the addition of the certificate to the log. The domain owner can then report the fake certificate and attempt to get it revoked." [Protonmail]

"Expect-CT is a new security header which is, at the moment, only supported by Chrome and Opera browsers. It allows a website to instruct the browser to reject any certificate not found in Certificate Transparency, a read-only public log of certificates which can be audited. Because Expect-CT is an HTTP header, it is a trust-on-first-use protocol that relies on long-term caching to ensure security. While Expect-CT does not prevent a compromised Certificate Authority from issuing a fake certificate, it does limit the damage by forcing the addition of the certificate to the log. The domain owner can then report the fake certificate and attempt to get it revoked." [Protonmail]

Giải pháp được chọn

Expect-CT (Certificate Transparency) isn't really a new concept as it goes back to 2014.

Certificate Transparency has been implemented in Firefox for telemetry, but is disabled because of negative impact on the performance.

If you want to spend some time on reading:


security.pki.certificate_transparency.mode (0 | 1)


Some related bug reports:

  • Bug 1281469 - Implement Certificate Transparency support (RFC 6962)
  • Bug 1349941 - Support Expect-CT for Opting-in to Certificate Transparency [RW]
  • Bug 1353216 - certificate transparency signature verifications negatively impact TLS handshake performance
  • Bug 1355903 - Re-enable Certificate Transparency telemetry collection

(please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
)

Đọc câu trả lời này trong ngữ cảnh 0
Trích dẫn

Chi tiết hệ thống bổ sung

Phần bổ trợ đã cài đặt

not related to question

Ứng dụng

  • Chuỗi đại diện người dùng: Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0

Thông tin chi tiết

cor-el
  • Top 10 Contributor
  • Moderator
17476 giải pháp 157949 câu trả lời
Được đăng

Giải pháp được chọn

Expect-CT (Certificate Transparency) isn't really a new concept as it goes back to 2014.

Certificate Transparency has been implemented in Firefox for telemetry, but is disabled because of negative impact on the performance.

If you want to spend some time on reading:


security.pki.certificate_transparency.mode (0 | 1)


Some related bug reports:

  • Bug 1281469 - Implement Certificate Transparency support (RFC 6962)
  • Bug 1349941 - Support Expect-CT for Opting-in to Certificate Transparency [RW]
  • Bug 1353216 - certificate transparency signature verifications negatively impact TLS handshake performance
  • Bug 1355903 - Re-enable Certificate Transparency telemetry collection

(please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
)

Expect-CT (Certificate Transparency) isn't really a new concept as it goes back to 2014. Certificate Transparency has been implemented in Firefox for telemetry, but is disabled because of negative impact on the performance. If you want to spend some time on reading: *https://developer.mozilla.org/en-US/docs/Web/Security/Certificate_Transparency *https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT *https://wiki.mozilla.org/PKI:CT ---- *https://dxr.mozilla.org/mozilla-release/source/security/manager/ssl/security-prefs.js security.pki.certificate_transparency.mode (0 | 1) ---- Some related bug reports: *[https://bugzilla.mozilla.org/show_bug.cgi?id=1281469 Bug 1281469] - Implement Certificate Transparency support (RFC 6962) *[https://bugzilla.mozilla.org/show_bug.cgi?id=1349941 Bug 1349941] - Support Expect-CT for Opting-in to Certificate Transparency [RW] *[https://bugzilla.mozilla.org/show_bug.cgi?id=1353216 Bug 1353216] - certificate transparency signature verifications negatively impact TLS handshake performance *[https://bugzilla.mozilla.org/show_bug.cgi?id=1355903 Bug 1355903] - Re-enable Certificate Transparency telemetry collection (<i>please do not comment in bug reports<br>https://bugzilla.mozilla.org/page.cgi?id=etiquette.html</i>)
Bài viết này có hữu ích với bạn không?
Trích dẫn
Đặt một câu hỏi

Bạn phải đăng nhập vào tài khoản của bạn để trả lời bài viết. Vui lòng bắt đầu một câu hỏi mới, nếu bạn chưa có tài khoản.