Closed Bug 1311745 Opened 8 years ago Closed 8 years ago

HPKP Persistent/Private Storage Checking may be incorrect

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

RESOLVED DUPLICATE of bug 1242226
Tracking Status
firefox52 --- affected

People

(Reporter: tjr, Unassigned)

Details

In nsSiteSecurityService::GetKeyPinsForHostname (around https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsSiteSecurityService.cpp#1164) it appears that the stores are checked: Persistent, Private, Preload.

It seems to me the correct order should be:

For Private Browsing: Private, (maybe) Persistent, Preload. (There are arguments to be had on both sides of the 'maybe')
For 'Normal' browsing: Persistent, Preload.

See also #1242226

Thanks, Tom. I feel like fixing bug 1242226 will address this (or, rather, when we fix that bug, we can incorporate this).
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
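
The lookup orders discussed in this bug, as an added example that is not Firefox code and not part of the original report: a small C++ model of the three stores that compares the order the reporter reads from the code with the order proposed. `PinStores`, the function names, the hostnames and the pin labels are all hypothetical, and the model assumes the reported order is applied in both browsing modes.

```cpp
#include <map>
#include <string>
#include <vector>

// Hypothetical model, not Firefox code: each store maps host -> pin-set label.
using Store = std::map<std::string, std::string>;
struct PinStores { Store persistent, priv, preload; };
enum class Mode { Normal, Private };

// First store in `order` holding an entry for `host` wins; "" means no pins.
static std::string Lookup(const std::vector<const Store*>& order,
                          const std::string& host) {
  for (const Store* s : order) {
    auto it = s->find(host);
    if (it != s->end()) return it->second;
  }
  return "";
}

// Order as the report reads it (assumed identical in both modes).
std::string LookupReported(const PinStores& st, Mode, const std::string& host) {
  return Lookup({&st.persistent, &st.priv, &st.preload}, host);
}

// Order the report proposes; the flag is the "(maybe) Persistent" step.
std::string LookupProposed(const PinStores& st, Mode mode,
                           const std::string& host, bool privateSeesPersistent) {
  std::vector<const Store*> order;
  if (mode == Mode::Private) {
    order.push_back(&st.priv);
    if (privateSeesPersistent) order.push_back(&st.persistent);
  } else {
    order.push_back(&st.persistent);
  }
  order.push_back(&st.preload);
  return Lookup(order, host);
}

// Constructed sample data.
PinStores SampleStores() {
  PinStores st;
  st.persistent["a.example"] = "persistent-pins";
  st.priv["a.example"] = "private-pins";
  st.priv["b.example"] = "private-pins";
  st.preload["c.example"] = "preload-pins";
  return st;
}
```

With the sample data, the reported order lets a normal-mode lookup of `b.example` return the private-store entry and lets the persistent entry for `a.example` shadow the private one in a private session. The proposed order returns nothing and the private entry respectively.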