Issue metadata
Sign in to add a comment
|
Pinned TLS public keys (HPKP) evicted after clearing cache
Reported by
ryan@cyph.com,
Apr 3 2017
|
||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Steps to reproduce the problem: An issue I reported about a year ago that was promptly fixed (https://bugs.chromium.org/p/chromium/issues/detail?id=603682) is now reproducible again, exactly as described in my original issue. What is the expected behavior? What went wrong? Last time it was a misplaced curly brace; not sure about this time. :) Did this work before? Yes Chrome version: 57.0.2987.133 Channel: stable OS Version: OS X 10.11.6 Flash Version: Shockwave Flash 25.0 r0
,
Apr 3 2017
Sorry, actually, upon further investigation it's not _exactly_ the same behaviour. Last time clearing literally any browsing data (e.g. saved passwords) would delete the pinned keys, but now it just happens when clearing the cache specifically.
,
Apr 3 2017
Thank you for providing more feedback. Adding requester "estark@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 3 2017
Re comment 2: I see, that's WAI. https://codereview.chromium.org/7717023/ originally intended to clear HSTS/HPKP data if and only if cache is cleared, and that was the behavior that I restored in the fix for issue 603682 .
,
Apr 3 2017
Oh, oops. Looking back at the commit message for the fix in the issue I linked, I see that what I described here is exactly what the mitigation was at the time; guess I just misremembered (or never actually saw what the fix was and assumed something different). Sorry about that.
,
Jul 10 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by est...@chromium.org
, Apr 3 2017