Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Jan Schaumann (jschauma@mstdn.social)'s status on Wednesday, 05-Feb-2025 07:11:00 JST Jan Schaumann

Mozilla announces that Certificate Transparency is now enforced in Firefox, meaning certs lacking SCTs would be untrusted. (This applies to roots in the Firefox root store, so presumably your internal and snakeoil certs are not affected, but I think you want to explicitly verify that.)
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/OagRKpVirsA
In conversation about 2 months ago from mstdn.social permalink
Attachments
1. No result found on File_thumbnail lookup.
  
  Certificate Transparency is now enforced in Firefox on desktop platforms starting with version 135
- GreenSkyOverMe (Monika) repeated this.
- Embed this notice
  Bart Groeneveld (bartavi@mastodon.nl)'s status on Wednesday, 05-Feb-2025 07:11:11 JST Bart Groeneveld
  in reply to
  
  @jschauma I am a complete layman, but it even explicitly states that it will also apply for internal certs: "However, if you were making use of policies to exempt certain internal certificates or domains from CT, you will need to apply those policies to Firefox as well. See https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency#Enterprise_Policies"
  In conversation about 2 months ago permalink
  Attachments
  1. No result found on File_thumbnail lookup.
    
    SecurityEngineering/Certificate Transparency - MozillaWiki

Feeds