> { "aus5.mozilla.org", true, true, true, 7, &kPinset_mozilla },Just for clarification and future reference, the second "true" means this entry is in test mode, so it's not actually enforced by default. On Mon, Jan 4, 2016 at 1:08 PM, Dave Townsend <dtowns...@mozilla.com> wrote: > aus5 (the server the app updater checks) is still pinned: > > https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/StaticHPKPins.h#739 > > On Mon, Jan 4, 2016 at 12:54 PM, Robert Strong <rstr...@mozilla.com> > wrote: > > On Mon, Jan 4, 2016 at 12:46 PM, Jesper Kristensen < > > moznewsgro...@something.to.remove.jesperkristensen.dk> wrote: > > > >> Den 04-01-2016 kl. 19:45 skrev Daniel Holbert: > >> > >>> On 01/04/2016 10:33 AM, Josh Matthews wrote: > >>> > >>>> Wouldn't the SSL cert failures also prevent submitting the telemetry > >>>> payload to Mozilla's servers? > >>>> > >>> > >>> Hmm... actually, I'll bet the cert errors will prevent Firefox updates, > >>> for that matter! (I'm assuming the update-check is performed over > HTTPS.) > >>> > >> > >> If I remember correctly, update checks are pinned to a specific CA, so > >> updates for users with software that MITM AUS would already be broken? > > > > That was removed awhile ago in favor of using mar signing as an exploit > > mitigation. > > > > > > > >> > >> _______________________________________________ > >> dev-platform mailing list > >> dev-platform@lists.mozilla.org > >> https://lists.mozilla.org/listinfo/dev-platform > >> > > _______________________________________________ > > dev-platform mailing list > > dev-platform@lists.mozilla.org > > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
