Fungovanie tejto stránky je z dôvodu údržby dočasne obmedzené. Ak článok nevyrieši váš problém a chcete položiť otázku, napíšte našej komunite podpory na Twitter @FirefoxSupport alebo Reddit /r/firefox.

Avatar for Username

Vyhľadajte odpoveď

Vyhnite sa podvodom s podporou. Nikdy vás nebudeme žiadať, aby ste zavolali alebo poslali SMS na telefónne číslo alebo zdieľali osobné informácie. Nahláste prosím podozrivú aktivitu použitím voľby “Nahlásiť zneužitie”.

Ďalšie informácie

Táto téma bola archivovaná. Ak potrebujete pomôcť, založte prosím novú otázku.

when will Mozilla support Expect-CT, a new security header

  • 1 odpoveď
  • 1 má tento problém
  • 1 zobrazenie
  • Posledná odpoveď od cor-el

fndtn357
fndtn357
more options

"Expect-CT is a new security header which is, at the moment, only supported by Chrome and Opera browsers. It allows a website to instruct the browser to reject any certificate not found in Certificate Transparency, a read-only public log of certificates which can be audited. Because Expect-CT is an HTTP header, it is a trust-on-first-use protocol that relies on long-term caching to ensure security. While Expect-CT does not prevent a compromised Certificate Authority from issuing a fake certificate, it does limit the damage by forcing the addition of the certificate to the log. The domain owner can then report the fake certificate and attempt to get it revoked." [Protonmail]

"Expect-CT is a new security header which is, at the moment, only supported by Chrome and Opera browsers. It allows a website to instruct the browser to reject any certificate not found in Certificate Transparency, a read-only public log of certificates which can be audited. Because Expect-CT is an HTTP header, it is a trust-on-first-use protocol that relies on long-term caching to ensure security. While Expect-CT does not prevent a compromised Certificate Authority from issuing a fake certificate, it does limit the damage by forcing the addition of the certificate to the log. The domain owner can then report the fake certificate and attempt to get it revoked." [Protonmail]

Vybrané riešenie

Expect-CT (Certificate Transparency) isn't really a new concept as it goes back to 2014.

Certificate Transparency has been implemented in Firefox for telemetry, but is disabled because of negative impact on the performance.

If you want to spend some time on reading:

security.pki.certificate_transparency.mode (0 | 1)

Some related bug reports:

  • Bug 1281469 - Implement Certificate Transparency support (RFC 6962)
  • Bug 1349941 - Support Expect-CT for Opting-in to Certificate Transparency [RW]
  • Bug 1353216 - certificate transparency signature verifications negatively impact TLS handshake performance
  • Bug 1355903 - Re-enable Certificate Transparency telemetry collection

(please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html)

Čítať túto odpoveď v kontexte 👍 0

Všetky odpovede (1)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Vybrané riešenie

Expect-CT (Certificate Transparency) isn't really a new concept as it goes back to 2014.

Certificate Transparency has been implemented in Firefox for telemetry, but is disabled because of negative impact on the performance.

If you want to spend some time on reading:

security.pki.certificate_transparency.mode (0 | 1)

Some related bug reports:

  • Bug 1281469 - Implement Certificate Transparency support (RFC 6962)
  • Bug 1349941 - Support Expect-CT for Opting-in to Certificate Transparency [RW]
  • Bug 1353216 - certificate transparency signature verifications negatively impact TLS handshake performance
  • Bug 1355903 - Re-enable Certificate Transparency telemetry collection

(please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html)