Add our website to Firefox's hardcoded Public Key Pinning ("static pins")
On top of doing HPKP (see #9026 (closed)) on our own, which provides TOFU, we could ask for inclusion on the preload list from Firefox. Tor is getting there in Firefox 34, why not us as well?
That would be an even stronger mitigation against MitM on our website.
See https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
Current pins: https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/StaticHPKPins.h
Related issues
- Related to #8191 (closed)
- Related to #9026 (closed)
- Related to #16675
Original created by @sajolida on 9027 (Redmine)