Open Bug 1538644 Opened 5 years ago Updated 4 years ago

Consider using a separate domain for MitM priming

Categories

(Firefox :: Security, enhancement, P3)

Product:
Firefox
Component:
Security
Type:
enhancement

Tracking

()

People

(Reporter: johannh, Unassigned)

References

(Blocks 2 open bugs)

Details

In bug 1529643 we enabled automatically detecting man in the middle software using a priming network request to https://mitmdetection.services.mozilla.com/. According to reports from Philipp (SUMO), some AV vendors actually exempt Mozilla domains from their interception to allow for updates etc.

We should figure out if this is really an issue and if so, we should consider adding a new domain specifically for MitM detection.

See Also: → 1551266
Blocks: 1636960

Hey :wezhou, as mentioned via email we'd need support from Ops here, and you mentioned that you could handle prioritization. Is there anything else you need?

Thanks!

Severity: normal → S3
Flags: needinfo?(wezhou)

Is there any data to show how many users are having issues with https://mitmdetection.services.mozilla.com/ being the endpoint?

Flags: needinfo?(wezhou)

Not really and it's hard to measure, since that URL is what's used to find issues in the first place :)

This is mostly based on our subjective feeling based on SUMO reports.

You need to log in before you can comment on or make changes to this bug.