Page MenuHomePhabricator
Create Task
Maniphest T50436

Implement Certificate Pinning
Closed, DeclinedPublic
Actions

Description

Ensures that our users are safer from Government / Network surveillance

Version: unspecified
Severity: enhancement

Details

Reference
bz48436

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 1:33 AM
bzimport added a project: Commons-App-General.
bzimport set Reference to bz48436.
bzimport added a subscriber: Unknown Object (MLST).
yuvipanda created this task.May 14 2013, 6:34 AM
brion added a comment.May 14 2013, 3:10 PM

Do we actually need to pin the cert, or just make sure it's valid?

When we legitimately change certs (expiration, configuration change, etc) we don't want to scare users with a warning...

yuvipanda added a comment.May 14 2013, 3:14 PM

It is already requires to be valid.

We should perhaps start a larger conversation about cert pinning. I will investigate how other browsers and apps do pinning when I'm back online.

Tfinc added a comment.Oct 7 2013, 11:12 PM

Let's punt on this for now.

Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 7:03 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL