New issue
Advanced search Search tips

Issue 785702 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Aug 15
Cc:
ios-bugs@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , iOS , Chrome , Mac
Pri: 3
Type: Bug



Sign in to add a comment

Enforce a cap of 100 domains for preloaded Expect-CT/Expect-Staple

Project Member Reported by lgar...@chromium.org, Nov 16 2017

Comment 1 by marti...@chromium.org, Nov 16 2017 

There currently is a limit of ~16* Expect-CT/Expect-Staple entries because of the binary format.

The Expect-CT & Expect-Staple report-URIs (IDs) are encoded with 4 bits so the generator will fail when there are more then 16 distinct report-URIs until we change the format.

* Multiple entries can reference the same report-URI so there can be more entries in theory.

Comment 2 by elawrence@chromium.org, Feb 5 2018 

We've started rejecting (as in, saying "No, sorry") to folks asking for Expect-* entries, so technical enforcement is only a Nice-to-Have.

Comment 3 by lgar...@chromium.org, Aug 15

Status: WontFix (was: Available)
Since we're officially not accepting more entries [1], no need to keep this bug around.

https://github.com/chromium/hstspreload.org/wiki/Preload-List-Processes#preloading-other-security-mechanisms

Sign in to add a comment