HPKP Topic is solved

Support and discussions for the x86/x64 Linux version of Pale Moon.

Moderator: trava90

Post Reply
User avatar
suffix
Hobby Astronomer
Hobby Astronomer
Posts: 18
Joined: 2018-10-26, 08:01
Location: Russia
Contact:

HPKP

Post by suffix » 2019-12-12, 07:05

28.8

"Disabled the use of HPKP by default due to the inherent risks involved with this feature. A preference was added to completely disable header processing, and using preloaded pins is effectively disabled. Please note that this is automatically disabled by default for everyone, regardless of your previous setting for this feature, and it is strongly recommended you keep this feature disabled. HPKP will eventually be removed (overall Internet concensus)."


Please, in future versions do not remove the option to manually enable HPKP support in the settings !

At least before adding dane tlsa verification support !

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 26676
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: HPKP

Post by Moonchild » 2019-12-12, 09:51

DANE/TLSA is not planned for implementation.
If you want to have DNSSEC verification, you could look at potential extensions for it (There is a DNSSEC/TLSA validator "legacy" Firefox extension that might work), but this won't be added to the core.
"There will be times when the position you advocate, no matter how well framed and supported, will not be accepted by the public simply because you are who you are." -- Merrill Rose
Image

Post Reply