Add HPKP symbol

Any feedback, suggestion, bug reports, problems....
Post Reply
User avatar
Flagfox Developer
Posts: 723
Joined: Wed Oct 03, 2007 9:06 pm
Location: Philadelphia, USA

Re: Add HPKP symbol

Post by DaveG » Sat Jan 13, 2018 6:55 pm

Sorry, I already considered and rejected this idea. If I were adding these features half a year ago, I might've added it, but HPKP is now on its way out. Google announced they're dropping support for it in Google Chrome, and IE/Edge and Safari never supported it at all. Mozilla is currently considering if they should follow suit, and I fully expect they will. It'd be fairly dumb for them to support a standard that's got known problems if nobody else does (though, seeing as it would be dumb, I guess that means there's still a chance for them to keep it...). It looks like the Expect-CT header is to be the replacement, at least according to Google's current whim, but Mozilla doesn't support it yet. If Firefox gets support, I'll consider adding some kind of support as well.

I was looking for other header flags like this, but near as I can tell, there's nothing else really viable to add here. The only other thing I considered was CSP, but that's not something that can be easily summed up with a simple tag. I very much would like to add indication of TLS version, but unfortunately Mozilla doesn't expose any way to do that via the new APIs.



Post Reply