Require TransportSecurityState, CTVerifier, CTPolicyEnforcer |
|||
Issue descriptionThese three objects are critical to security: - TSS handles HSTS/HPKP (both static and dynamic) at present, ExpectCT, and in the future, RequireCT - CTVerifier handles evaluating SCTs - CTPolicyEnforcer determines compliance to CT policies We want all sockets, regardless of who is connecting, to consistently observe these policies. However, at present, these objects are conditionally allowed to be omitted, in which case, they silently fail open. We should make them required for all sockets and all HTTP requests.
,
Jun 30 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d29e2068134057599d96b9bfc4fc6b9a3a797a6a commit d29e2068134057599d96b9bfc4fc6b9a3a797a6a Author: mef <mef@chromium.org> Date: Thu Jun 30 20:56:30 2016 [Cronet] Use TransportSecurityState, CTVerifier, CTPolicyEnforcer on iOS BUG= 619770 Review-Url: https://codereview.chromium.org/2115653002 Cr-Commit-Position: refs/heads/master@{#403280} [modify] https://crrev.com/d29e2068134057599d96b9bfc4fc6b9a3a797a6a/components/cronet/ios/cronet_environment.cc
,
Jul 6
,
Jul 6
|
|||
►
Sign in to add a comment |
|||
Comment 1 by rsleevi@chromium.org
, Jun 30 2016