Expect-CT is deprecated, consider removing or disabling by default #72

jamie-taylor-rjj · 2023-05-11T19:38:46Z

10k ft View

The following comes directly from the OWASP Secure Headers Project (as of May 11th, 2023):

Deprecated.

⚠️ Warning: This header will likely become obsolete in June 2021. Since May 2018 new certificates are expected to support SCTs by default. Certificates before March 2018 were allowed to have a lifetime of 39 months, those will all be expired in June 2021.

source: https://owasp.org/www-project-secure-headers/#expect-ct

The MDN page for Expect-CT goes into this further:

Note: The Expect-CT is mostly obsolete since June 2021. Since May 2018, all new TLS certificates are expected to support SCTs by default. Certificates issued before March 2018 were allowed to have a lifetime of 39 months, so they had expired in June 2021. Chromium plans to deprecate Expect-CT header and to eventually remove it.

Rather than remove it, perhaps set its default value to disabled.

jamie-taylor-rjj · 2023-05-11T21:50:58Z

This was closed in #78

GaProgMan added bug branch required labels May 11, 2023

jamie-taylor-rjj mentioned this issue May 11, 2023

Bugfix/expect ct deprecated #78

Merged

jamie-taylor-rjj closed this as completed May 11, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Expect-CT is deprecated, consider removing or disabling by default #72

Expect-CT is deprecated, consider removing or disabling by default #72

jamie-taylor-rjj commented May 11, 2023 •

edited

Loading

jamie-taylor-rjj commented May 11, 2023

Expect-CT is deprecated, consider removing or disabling by default #72

Expect-CT is deprecated, consider removing or disabling by default #72

Comments

jamie-taylor-rjj commented May 11, 2023 • edited Loading

10k ft View

jamie-taylor-rjj commented May 11, 2023

jamie-taylor-rjj commented May 11, 2023 •

edited

Loading