New issue
Advanced search Search tips

Issue 824477 link

Starred by 1 user
Status: Assigned
Owner:
est...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 3
Type: Bug



Sign in to add a comment

Expect-CT report effective-expiration-date should be null or omitted when there is no expiration date

Reported by scott.he...@gmail.com, Mar 21 2018 
Chrome Version: 64.0.3282.186

What steps will reproduce the problem?
1. Deploy an Expect-CT policy with reporting enabled.
2. Visit a page that will trigger a report.
3. Inspect the JSON payload of the report.

What is the expected result?
The policy delivered is:

Expect-CT: max-age=0, report-uri="https://scotthelme.report-uri.com/r/d/ct/reportOnly"

This means the policy does not have an effective expiration because it isn't enforced and has a max-age of 0. The effective-expiration-date should be the current timestamp or something like null.

What happens instead of that?

I receive the follow report:

{ "expect-ct-report": {
    "date-time":"2018-03-21T20:21:40.430Z",
    "effective-expiration-date":"1601-01-01T00:00:00.000Z",
    "hostname":"scotthelme.co.uk",
    "port":443,
    "scts":[],
    "served-certificate-chain":[
        "-----BEGIN CERTIFICATE-----\nMIIEljCCA36gAwIBAgISBNufzSlJg5cIbuD2eO60ssA8MA0GCSqGSIb3DQEBCwUA\nMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD\nExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODAzMTQyMzAwMjJaFw0x\nODA2MTIyMzAwMjJaMBsxGTAXBgNVBAMTEHNjb3R0aGVsbWUuY28udWswWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASCKm6uKC+amuRGFOTtXo0Bh+nNIlbs5XsEVWaP\n1Ly7igGeofm+tgvE7LcyHndWAWvNaXT2MmWE2DaIoQ81MZp8o4ICbjCCAmowDgYD\nVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV\nHRMBAf8EAjAAMB0GA1UdDgQWBBSB4hotSU3n5hqucTUKcHtpoNypRTAfBgNVHSME\nGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYB\nBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYB\nBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMGYGA1Ud\nEQRfMF2CFmVjZHNhLnNjb3R0aGVsbWUuY28udWuCEHNjb3R0aGVsbWUuY28udWuC\nFHd3dy5zY290dGhlbG1lLmNvLnVrght4bi0tbHY4aGFhLnNjb3R0aGVsbWUuY28u\ndWswEQYIKwYBBQUHARgEBTADAgEFMIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHm\nBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j\ncnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkg\nb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkg\naW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQg\nYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcN\nAQELBQADggEBACzxQ3F3LVUn8YJph/MnrYatVDuCLdRwoqKW9CSsblBk57fSofvE\nPShYcoGJhiFGZGJ7nVB6p4Z3k5XyaYoM5PQPaYu8Yt20w+0Wqldbub3CJD3vB4oz\nB8zoIZuOaBx4hskUawnBpKuSRBly/qU0qJ0yuEhH0aonJnjRwWsc82DSZaPcf/Sp\nRQ2sKeq4QnzRB+goIpU2rq8y43ScuRolUHJMSz6YzD/QuFIf5VvrhL6DlT5JWXjq\n8lBiJL3FnsKriSq2V5kj+mPe5aMTJLZ0bAEC+GPbVT71FYcmabkRv9lApf2DQtDN\nWbf5hsfHL02RihGAnV6TZNEim+UB7mhOQtE=\n-----END CERTIFICATE-----\n",
        "-----BEGIN CERTIFICATE-----\nMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow\nSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT\nGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF\nq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8\nSMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0\nZ8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA\na6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj\n/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T\nAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG\nCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv\nbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k\nc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw\nVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC\nARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz\nMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu\nY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF\nAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo\nuM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/\nwApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu\nX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG\nPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6\nKOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==\n-----END CERTIFICATE-----\n"],
    "validated-certificate-chain":[
        "-----BEGIN CERTIFICATE-----\nMIIEljCCA36gAwIBAgISBNufzSlJg5cIbuD2eO60ssA8MA0GCSqGSIb3DQEBCwUA\nMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD\nExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODAzMTQyMzAwMjJaFw0x\nODA2MTIyMzAwMjJaMBsxGTAXBgNVBAMTEHNjb3R0aGVsbWUuY28udWswWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASCKm6uKC+amuRGFOTtXo0Bh+nNIlbs5XsEVWaP\n1Ly7igGeofm+tgvE7LcyHndWAWvNaXT2MmWE2DaIoQ81MZp8o4ICbjCCAmowDgYD\nVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV\nHRMBAf8EAjAAMB0GA1UdDgQWBBSB4hotSU3n5hqucTUKcHtpoNypRTAfBgNVHSME\nGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYB\nBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYB\nBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMGYGA1Ud\nEQRfMF2CFmVjZHNhLnNjb3R0aGVsbWUuY28udWuCEHNjb3R0aGVsbWUuY28udWuC\nFHd3dy5zY290dGhlbG1lLmNvLnVrght4bi0tbHY4aGFhLnNjb3R0aGVsbWUuY28u\ndWswEQYIKwYBBQUHARgEBTADAgEFMIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHm\nBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j\ncnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkg\nb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkg\naW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQg\nYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcN\nAQELBQADggEBACzxQ3F3LVUn8YJph/MnrYatVDuCLdRwoqKW9CSsblBk57fSofvE\nPShYcoGJhiFGZGJ7nVB6p4Z3k5XyaYoM5PQPaYu8Yt20w+0Wqldbub3CJD3vB4oz\nB8zoIZuOaBx4hskUawnBpKuSRBly/qU0qJ0yuEhH0aonJnjRwWsc82DSZaPcf/Sp\nRQ2sKeq4QnzRB+goIpU2rq8y43ScuRolUHJMSz6YzD/QuFIf5VvrhL6DlT5JWXjq\n8lBiJL3FnsKriSq2V5kj+mPe5aMTJLZ0bAEC+GPbVT71FYcmabkRv9lApf2DQtDN\nWbf5hsfHL02RihGAnV6TZNEim+UB7mhOQtE=\n-----END CERTIFICATE-----\n",
        "-----BEGIN CERTIFICATE-----\nMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow\nSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT\nGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF\nq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8\nSMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0\nZ8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA\na6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj\n/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T\nAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG\nCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv\nbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k\nc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw\nVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC\nARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz\nMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu\nY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF\nAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo\nuM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/\nwApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu\nX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG\nPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6\nKOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==\n-----END CERTIFICATE-----\n",
        "-----BEGIN CERTIFICATE-----\nMIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow\nPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD\nEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O\nrz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq\nOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b\nxiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw\n7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD\naeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV\nHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG\nSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69\nikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr\nAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz\nR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5\nJDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo\nOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ\n-----END CERTIFICATE-----\n"]
    }
}

Comment 1 by est...@chromium.org, Mar 21 2018

Components: Internals>Network>DomainSecurityPolicy
Labels: M-67 Hotlist-GoodFirstBug OS-Android OS-Chrome OS-Linux OS-Windows
Owner: est...@chromium.org
Status: Assigned (was: Unconfirmed)
Summary: Expect-CT report effective-expiration-date should be null or omitted when there is no expiration date (was: Expect-CT report effective-expiration-date field is inconsistent)
Yeah, this is weird though expected. There is no effective-expiration-date in this case because the policy hasn't been stored and thus doesn't expire. We should probably set it to null or just omit that key entirely from the report.

Comment 2 by scott.he...@gmail.com, Mar 21 2018 

We already have handling in place for the field being omitted so if you want to do that, it gets my vote! :)

Sign in to add a comment