Expose Certificate Transparency compliance status in DevTools security panel overview |
||||||||
Issue descriptionFeature request for showing the CT compliance status of a given certificate in the DevTools security panel. Right now the "raw" CT information is presented: Which SCTs were received and their validation status. However that does not tell the user if the certificate is actually compliant with Chrome's CT policy. This is essential since CT is going to be required for new certs starting October 2017. The most reliable way for a site owner to determine if certificates will be compliant is through Chrome. (the use case I have in mind here is a site operator that has a certain method for obtaining certificates and they want to make sure that certificates obtained using this method are CT complaint, so that new certificates issued past October 2017 using the same method will be CT compliant).
,
Feb 27 2017
,
Feb 27 2017
,
Nov 10 2017
,
Nov 10 2017
,
Feb 18 2018
,
Apr 5 2018
In progress screenshots attached. (The second one is a note I added for when a resource was served from cache and some security details, including CT compliance status, might be missing.)
,
Apr 6 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/789f5a95a8156a26027cad9ce9203b37af0395df commit 789f5a95a8156a26027cad9ce9203b37af0395df Author: Emily Stark <estark@google.com> Date: Fri Apr 06 05:07:07 2018 Add CT compliance status to DevTools security panel This shows the CT compliance status in the Certificate Transparency section of the Security Panel origin details view. Showing the SCTs themselves isn't sufficient because a site could have e.g. not enough SCTs or SCTs from an insufficent set of logs, and thus might not be CT-compliance even though it has SCTs. I also added a message about when a resource was loaded from cache to the origin details view. This is useful beacuse not all security details are stored in the cache, so it can explain why some security details (including SCTs and CT compliance status) can be missing in this view sometimes. Bug: 695610 Change-Id: Ib9c8b0af5a08dbc5eefcf778fc030c045622505e Reviewed-on: https://chromium-review.googlesource.com/998445 Commit-Queue: Emily Stark <estark@chromium.org> Reviewed-by: Pavel Feldman <pfeldman@chromium.org> Reviewed-by: Andrey Kosyakov <caseq@chromium.org> Cr-Commit-Position: refs/heads/master@{#548677} [modify] https://crrev.com/789f5a95a8156a26027cad9ce9203b37af0395df/content/browser/devtools/protocol/network_handler.cc [add] https://crrev.com/789f5a95a8156a26027cad9ce9203b37af0395df/third_party/WebKit/LayoutTests/http/tests/devtools/security/origin-view-ct-compliance-expected.txt [add] https://crrev.com/789f5a95a8156a26027cad9ce9203b37af0395df/third_party/WebKit/LayoutTests/http/tests/devtools/security/origin-view-ct-compliance.js [modify] https://crrev.com/789f5a95a8156a26027cad9ce9203b37af0395df/third_party/WebKit/LayoutTests/http/tests/devtools/security/security-details-updated-with-security-state.js [modify] https://crrev.com/789f5a95a8156a26027cad9ce9203b37af0395df/third_party/WebKit/Source/core/inspector/InspectorNetworkAgent.cpp [modify] https://crrev.com/789f5a95a8156a26027cad9ce9203b37af0395df/third_party/WebKit/Source/core/inspector/browser_protocol.json [modify] https://crrev.com/789f5a95a8156a26027cad9ce9203b37af0395df/third_party/WebKit/Source/core/inspector/browser_protocol.pdl [modify] https://crrev.com/789f5a95a8156a26027cad9ce9203b37af0395df/third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js [modify] https://crrev.com/789f5a95a8156a26027cad9ce9203b37af0395df/third_party/WebKit/Source/devtools/front_end/security/originView.css
,
Apr 6 2018
|
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by lgar...@chromium.org
, Feb 23 2017264 KB
264 KB View Download