Closed
Bug 1030140
Opened 10 years ago
Closed 9 years ago
enable pinning on msisdn verification server
Categories
(Core :: Security: PSM, defect)
RESOLVED
WORKSFORME
People
(Reporter: freddy, Unassigned)
+++ This bug was initially created as a clone of Bug #1020485 +++
I suggest we enable certificate pinning for the msisdn verification server.
As per bug 1020485 comment 5 and https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning/SiteOperators this would require the loop server to give notice 14 weeks before changing your issuer CA (including CDNs and optionally subdomains).
Alexis, Ben: Are you the right people to talk to about this certificate commitment? The pinning bits would be handled in moz-central, not your code base.
Comment 1•10 years ago
I believe enabling certificate pinning would work, yes.
One thing that worries me a bit, though, is in case there is a need to quickly change the certificates (like a security vulnerability) on the server side. Wouldn't this 14-week notice requirement make things more complicated to handle?
Comment 2•10 years ago (Reporter)
That's a good question, Alexis!
Monica, what happens if a pinned cert needs to change quickly, because of a vulnerability (remember Heartbleed?)?
Flags: needinfo?(mmc)
Comment 3•10 years ago
We pin to root certs, not intermediates or end-entity certs. This should lessen the probability of an emergency. Heartbleed did not require any root cert revocations. Otherwise, see:
https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning/SiteOperators#I_have_an_emergency.21
Flags: needinfo?(mmc)
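The trade-off discussed in comments 1 to 3, as an added example that is not part of the bug thread or Mozilla's code: a simplified model in which a pin is the base64 SHA-256 of a certificate's SubjectPublicKeyInfo and a chain passes if any certificate in it matches the pin set. The key bytes and CA names are constructed placeholders, and chain validation is assumed to have happened already.

```python
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """Base64 SHA-256 fingerprint of a SubjectPublicKeyInfo blob."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def chain_is_pinned(chain_spkis, pinset) -> bool:
    """True if any certificate in the (already validated) chain has a pinned key."""
    return any(spki_pin(spki) in pinset for spki in chain_spkis)


# Constructed placeholders standing in for DER-encoded SPKI bytes.
LEAF_OLD = b"leaf-key-before-incident"
LEAF_NEW = b"leaf-key-reissued"
INTERMEDIATE = b"intermediate-ca-key"
OTHER_INTERMEDIATE = b"other-intermediate-ca-key"
ROOT_A = b"root-ca-A-key"  # hypothetical current issuer root
ROOT_B = b"root-ca-B-key"  # hypothetical different CA

ROOT_PINSET = {spki_pin(ROOT_A)}    # pinning to the root, as in comment 3
LEAF_PINSET = {spki_pin(LEAF_OLD)}  # pinning to the end-entity key, for contrast


def scenarios():
    original = [LEAF_OLD, INTERMEDIATE, ROOT_A]
    # Emergency re-key of the server certificate, same CA hierarchy.
    rekeyed = [LEAF_NEW, INTERMEDIATE, ROOT_A]
    # Operator moves to a different issuer CA without updating the pins.
    new_issuer = [LEAF_NEW, OTHER_INTERMEDIATE, ROOT_B]
    return {
        "root pin, original chain": chain_is_pinned(original, ROOT_PINSET),
        "root pin, leaf re-keyed": chain_is_pinned(rekeyed, ROOT_PINSET),
        "leaf pin, leaf re-keyed": chain_is_pinned(rekeyed, LEAF_PINSET),
        "root pin, issuer CA changed": chain_is_pinned(new_issuer, ROOT_PINSET),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'accepted' if ok else 'REJECTED'}")
```

Only the issuer change is rejected under the root pin set, which is the case the 14-week notice covers; a leaf re-key would only break clients under an end-entity pin.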
Is this still wanted?
Flags: needinfo?(fbraun)
Comment 5•9 years ago
According to Bug 1262454 probably not.
Comment 6•9 years ago (Reporter)
Yes, we want the MSISDN thing to go away.
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(fbraun)
Resolution: --- → WORKSFORME