
Issue 656227


Issue metadata

Status: Fixed
Owner:
Closed: Oct 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug




Turn off Expect-Staple reporting for private roots

Project Member Reported by est...@chromium.org, Oct 15 2016

Issue description

Expect-Staple reports for private roots are noisy and mostly useless for site owners; they generally just indicate that the MITM proxy does not staple OCSP responses, which is behaving as expected. Moreover, they don't give us any insight into the MITM issue that we really care about, which is whether MITM proxies blindly copy the Must-Staple extension (issue 633732).
 
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 18 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/53e947a174c199d639065dea59b736b30fb3bf08

commit 53e947a174c199d639065dea59b736b30fb3bf08
Author: estark <estark@chromium.org>
Date: Tue Oct 18 02:39:29 2016

Turn off Expect-Staple reporting for private roots

Previously, Expect-Staple reports were sent for certificates chaining to
private roots, but with the certificate chains stripped out. However,
these reports are mostly just noise for site owners; they tend to
indicate that a MITM proxy did not provide an OCSP response, which is to
be expected. Moreover, these reports are not useful for answering the
interesting question about MITM proxies, which is whether they blindly
copy Must-Staple extensions (issue 633732). Thus, this CL disables
Expect-Staple reporting for private roots.

BUG=656227

Review-Url: https://codereview.chromium.org/2420203003
Cr-Commit-Position: refs/heads/master@{#425866}

[modify] https://crrev.com/53e947a174c199d639065dea59b736b30fb3bf08/net/http/transport_security_state.cc
[modify] https://crrev.com/53e947a174c199d639065dea59b736b30fb3bf08/net/http/transport_security_state.h
[modify] https://crrev.com/53e947a174c199d639065dea59b736b30fb3bf08/net/http/transport_security_state_unittest.cc

Comment 2 by est...@chromium.org, Oct 18 2016

Labels: M-56
Status: Fixed (was: Started)
