TransportSecurityState should provide information about whether CT is required |
||
Issue descriptionTSS already tracks policies for HSTS, HPKP, and whether CT is expected. Complete the circle and add the ability to track when CT is required. This should be enforced during socket establishment, similar to HPKP.
,
Jun 30 2016
,
Jun 30 2016
Is there a way to use require-CT right now? Is it expected that the preload list doesn't have a test entry for it?
,
Jun 30 2016
Is there a way to use require-CT right now? Intentionally, no. And certainly not via preload :) Is it expected that the preload list doesn't have a test entry? Yes :) This bug was not about adding it to the preload list. It was about making TransportSecurityState aware of whether it should be required. For the bug this is blocking, TransportSecurityState just needed to be able to reply about the domain policies - there's no need for a preload list. (And subsequent CLs offer the way to wire it up via the Policy & Prefs subsystems, rather than preload, which offers a bit more flexibility) Regarding whether it should (which should be a new bug), I think we MUST resolve some of the issues from Issue 620928 first.
,
Jun 30 2016
Sounds good; just wanted to make sure I didn't miss anything! |
||
►
Sign in to add a comment |
||
Comment 1 by bugdroid1@chromium.org
, Jun 24 2016