Closed Bug 1336226 Opened 7 years ago Closed 2 years ago

gather telemetry on how often the intermediate CA cache is useful to the user


(Core :: Security: PSM, defect, P2)






(Reporter: keeler, Unassigned)


(Whiteboard: [psm-backlog])

See bug 1334485. It would be nice to figure out how often the intermediate CA cache actually helps users (as in, the server didn't send the appropriate intermediates for Firefox to build a trust path to a root without outside knowledge - i.e. the cached intermediates).

I'm thinking at least 3 buckets:

1. Firefox found a path consisting only of certificates the server sent and a trust anchor (should we differentiate built-in vs. non-built-in?)
2. Firefox found a path using the cache
3. Firefox did not find a path
Trouble is, it's really hard to distinguish "Firefox did not find a path because the cert is totally random" vs. "Firefox did not find a path because this is a trusted CA but the server is misconfigured and the missing intermediates aren't in the cache". 

We would want to help a little bit by having a bucket:

4. Certificate is self-signed

which makes bucket 3 a bit less noisy.

Severity: normal → S3

I'm not sure we need this. We know the feature is useful.

Closed: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.