gather telemetry on how often the intermediate CA cache is useful to the user

NEW
Unassigned

Status

Core
Security: PSM
P2
normal
2 months ago
a month ago

People

(Reporter: keeler, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [psm-backlog])

See bug 1334485. It would be nice to figure out how often the intermediate CA cache actually helps users (as in, the server didn't send the appropriate intermediates for Firefox to build a trust path to a root without outside knowledge - i.e. the cached intermediates).

I'm thinking at least 3 buckets:

1. Firefox found a path consisting only of certificates the server sent and a trust anchor (should we differentiate built-in vs. non-built-in?)
2. Firefox found a path using the cache
3. Firefox did not find a path

Trouble is, it's really hard to distinguish "Firefox did not find a path because the cert is totally random" vs. "Firefox did not find a path because this is a trusted CA but the server is misconfigured and the missing intermediates aren't in the cache".

We would want to help a little bit by having a bucket:

4. Certificate is self-signed

which makes bucket 3 a bit less noisy.

Gerv
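
The four buckets discussed in this bug, sketched as an added example (not Firefox or PSM code). It assumes a toy certificate model that matches issuer and subject names only, with no signature or validity checks; `classify`, `path_exists`, and all sample names are hypothetical.

```python
from collections import namedtuple
from enum import Enum

# Toy certificate: issuer/subject names only. Real path building also checks
# signatures, validity, and constraints; that is deliberately left out here.
Cert = namedtuple("Cert", "subject issuer")

class Bucket(Enum):
    SERVER_SENT_ONLY = 1   # path from server-sent certs plus a trust anchor
    USED_CACHE = 2         # path needed a cached intermediate
    NO_PATH = 3            # no path found
    SELF_SIGNED = 4        # no path, and the certificate is self-signed

def path_exists(cert, pool, anchors, seen=frozenset()):
    """Depth-first search for a chain from cert up to any trust anchor."""
    if any(a.subject == cert.issuer for a in anchors):
        return True
    seen = seen | {cert}  # guards against loops between cross-signed certs
    return any(path_exists(c, pool, anchors, seen)
               for c in pool if c.subject == cert.issuer and c not in seen)

def classify(end_entity, server_sent, cache, anchors):
    """Hypothetical helper: map one verification to a telemetry bucket."""
    if path_exists(end_entity, server_sent, anchors):
        return Bucket.SERVER_SENT_ONLY
    if path_exists(end_entity, list(server_sent) + list(cache), anchors):
        return Bucket.USED_CACHE
    if end_entity.subject == end_entity.issuer:
        return Bucket.SELF_SIGNED
    return Bucket.NO_PATH

# Constructed sample data (not real certificates).
ROOT = Cert("Example Root", "Example Root")
INTERMEDIATE = Cert("Example Intermediate", "Example Root")
LEAF = Cert("site.example", "Example Intermediate")
UNKNOWN = Cert("other.example", "Unknown Issuer")
SELF = Cert("box.example", "box.example")

def demo():
    anchors, cache = [ROOT], [INTERMEDIATE]
    return {
        "full chain sent": classify(LEAF, [INTERMEDIATE], cache, anchors),
        "intermediate omitted, cached": classify(LEAF, [], cache, anchors),
        "intermediate omitted, not cached": classify(LEAF, [], [], anchors),
        "unknown issuer": classify(UNKNOWN, [], cache, anchors),
        "self-signed": classify(SELF, [], cache, anchors),
    }

if __name__ == "__main__":
    for case, bucket in demo().items():
        print(f"{case}: {bucket.name}")
```

The "intermediate omitted, not cached" and "unknown issuer" cases both land in bucket 3, which is the ambiguity raised in the comment above; only the self-signed case is separated out.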