Closed Bug 1576755 Opened 5 years ago Closed 5 years ago

"unknown" bucket for CERT_VALIDATION_SUCCESS_BY_CA seems high and inconsistent

Categories

(Core :: Security: PSM, task, P1)

task

Tracking

()

RESOLVED FIXED
mozilla71
Tracking Status
firefox71 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

See e.g. https://mzl.la/343kA8P - 0 is the "unknown CA" bucket for CERT_VALIDATION_SUCCESS_BY_CA. 20% seems a bit high (our usual explanation is "imported/enterprise" roots).

We could add a new telemetry for whether unknown cas are coming from the OS store, the local store, and maybe other properties.

Assignee: nobody → dkeeler
Priority: P2 → P1
Whiteboard: [psm-assigned]

The "unknown" bucket is inconsistent and often much higher than we expect. This
patch splits that bucket by adding the categories "from softoken (cert9.db)",
"from an external PKCS#11 token", and "imported from the OS via the 'Enterprise
Roots' feature". Hopefully this will give us more insight into this data.

Attachment #9089225 - Attachment description: 1576755 - split "unknown" bucket in CERT_VALIDATION_SUCCESS_BY_CA (and other _BY_CA probes) r?jcj → bug 1576755 - split "unknown" bucket in CERT_VALIDATION_SUCCESS_BY_CA (and other _BY_CA probes) r?jcj
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d55c56bc0e57
split "unknown" bucket in CERT_VALIDATION_SUCCESS_BY_CA (and other _BY_CA probes) r=jcj,kjacobs
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
Regressions: 1578732
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: