SecurityEngineering/Public Key Pinning
Contents
Background
Public Key Pinning is a mechanism for sites to specify which certificate authorities have issued valid certs for that site, and for user-agents to reject TLS connections to those sites if the certificate is not issued by a known-good CA. Public key pinning prevents man-in-the-middle attacks due to rogue CAs not on the site's list (see the Diginotar attack which Chrome detected and we did not: https://blog.mozilla.org/security/2011/08/29/fraudulent-google-com-certificate/).
The feature binds a set of hashes public keys to a domain name such that when connecting to a site using TLS the browser ensures that there is an intersection between the public keys in the computed trust chain and the set of fingerprints associated with that domain. This check is done during the certificate verification phase of the connection, before any data is sent or processed by the browser. In particular we are pinning the sha256 digest of the der encoded subject public key info. In order to reduce rejections, Firefox computes all potential trust chains before deciding that are no valid pins.
Implementation status
Firefox 32 on desktop and later has the ability to enforce built-in pinsets, or mappings of public key information to domains (bug 744204).
Pinning is supported in Firefox 34 and later on Android.
We currently:
- Pin all of the sites that Chrome already does (mainly Google sites) by importing chromium's pinset.
- Pin our own sites after auditing them and cleaning them up.
- Pin other popular sites like Facebook that are in good shape already (with their cooperation, of course)
Currently-pinned Sites
- AMO: *.addons.mozilla.org, *.addons.mozilla.net
- Firefox accounts: *.accounts.firefox.com
- Mozilla CDN: *.cdn.mozilla.{org,net}, *.media.mozilla.com
- Google: too many to list (see everything from https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json with the "google" pinset)
- TOR
Tracking bug for pinning all the things: bug 1004350
How to use pinning
Starting with FF 32, it's on by default, so you don't have to do anything. The pinning level is enforced by a pref, security.cert_pinning.enforcement_level
- 0. Pinning disabled
- 1. Allow User MITM (pinning not enforced if the trust anchor is a user inserted CA, default)
- 2. Strict. Pinning is always enforced.
- 3. Enforce test mode.
More information
- SecurityEngineering/Public_Key_Pinning/SiteOperators
- SecurityEngineering/Public_Key_Pinning/ReleaseEngineering
- SecurityEngineering/Public_Key_Pinning/Implementation_Details
Public Key Pinning Extension for HTTP
In the future, we would like to support dynamic pinsets rather than relying on built-in ones. HTTP Public Key Pinning (HPKP) [1] is an HTTP header that allows sites to announce their pinset. It relies on "clean load" in order to provide a similar level of assurance as built-in pins.
Tracking bug: bug 787133