Note: There are a few cases of duplicates in user autocompletion which are being worked on.

gather telemetry on how often the intermediate CA cache is useful to the user




Security: PSM
6 months ago
5 months ago


(Reporter: keeler, Unassigned)


Firefox Tracking Flags

(Not tracked)


(Whiteboard: [psm-backlog])

See bug 1334485. It would be nice to figure out how often the intermediate CA cache actually helps users (as in, the server didn't send the appropriate intermediates for Firefox to build a trust path to a root without outside knowledge - i.e. the cached intermediates).

I'm thinking at least 3 buckets:

1. Firefox found a path consisting only of certificates the server sent and a trust anchor (should we differentiate built-in vs. non-built-in?)
2. Firefox found a path using the cache
3. Firefox did not find a path
Trouble is, it's really hard to distinguish "Firefox did not find a path because the cert is totally random" vs. "Firefox did not find a path because this is a trusted CA but the server is misconfigured and the missing intermediates aren't in the cache". 

We would want to help a little bit by having a bucket:

4. Certificate is self-signed

which makes bucket 3 a bit less noisy.

You need to log in before you can comment on or make changes to this bug.