Bug 1012875: Expire pins in 8 weeks once they reach stable (r=keeler, a=lmandel)
authorMonica Chew <mmc@mozilla.com>
Thu, 03 Jul 2014 11:10:42 -0700
changeset 207624 2a985fb59e4b62fcfe73d78661720660e7f0f80c
parent 207623 2bc0bc0e14a3520442f1894608d88b27ce3fcf04
child 207625 e823f44044970dfdc2695ca2ab78bbdfa2409cb6
push id3741
push userasasaki@mozilla.com
push dateMon, 21 Jul 2014 20:25:18 +0000
treeherdermozilla-beta@4d6f46f5af68 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler, lmandel
bugs1012875
milestone32.0a2
Bug 1012875: Expire pins in 8 weeks once they reach stable (r=keeler, a=lmandel)
security/manager/tools/genHPKPStaticPins.js
--- a/security/manager/tools/genHPKPStaticPins.js
+++ b/security/manager/tools/genHPKPStaticPins.js
@@ -28,18 +28,18 @@ let gCertDB = Cc["@mozilla.org/security/
                  .getService(Ci.nsIX509CertDB2);
 gCertDB.QueryInterface(Ci.nsIX509CertDB);
 
 const BUILT_IN_NICK_PREFIX = "Builtin Object Token:";
 const SHA1_PREFIX = "sha1/";
 const SHA256_PREFIX = "sha256/";
 const GOOGLE_PIN_PREFIX = "GOOGLE_PIN_";
 
-// Pins expire in 18 weeks
-const PINNING_MINIMUM_REQUIRED_MAX_AGE = 60 * 60 * 24 * 7 * 18;
+// Pins expire in 14 weeks (6 weeks on Beta + 8 weeks on stable)
+const PINNING_MINIMUM_REQUIRED_MAX_AGE = 60 * 60 * 24 * 7 * 14;
 
 const FILE_HEADER = "/* This Source Code Form is subject to the terms of the Mozilla Public\n" +
 " * License, v. 2.0. If a copy of the MPL was not distributed with this\n" +
 " * file, You can obtain one at http://mozilla.org/MPL/2.0/. */\n" +
 "\n" +
 "/*****************************************************************************/\n" +
 "/* This is an automatically generated file. If you're not                    */\n" +
 "/* PublicKeyPinningService.cpp, you shouldn't be #including it.              */\n" +