Closed
Bug 1576755
Opened 5 years ago
Closed 5 years ago
"unknown" bucket for CERT_VALIDATION_SUCCESS_BY_CA seems high and inconsistent
Categories
(Core :: Security: PSM, task, P1)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla71
Tracking | Status | |
---|---|---|
firefox71 | --- | fixed |
People
(Reporter: keeler, Assigned: keeler)
References
Details
(Whiteboard: [psm-assigned])
Attachments
(1 file)
See e.g. https://mzl.la/343kA8P - 0 is the "unknown CA" bucket for CERT_VALIDATION_SUCCESS_BY_CA. 20% seems a bit high (our usual explanation is "imported/enterprise" roots).
Comment 1•5 years ago
|
||
We could add a new telemetry for whether unknown cas are coming from the OS store, the local store, and maybe other properties.
Assignee | ||
Updated•5 years ago
|
Assignee: nobody → dkeeler
Priority: P2 → P1
Whiteboard: [psm-assigned]
Assignee | ||
Comment 2•5 years ago
|
||
The "unknown" bucket is inconsistent and often much higher than we expect. This
patch splits that bucket by adding the categories "from softoken (cert9.db)",
"from an external PKCS#11 token", and "imported from the OS via the 'Enterprise
Roots' feature". Hopefully this will give us more insight into this data.
Updated•5 years ago
|
Attachment #9089225 -
Attachment description: 1576755 - split "unknown" bucket in CERT_VALIDATION_SUCCESS_BY_CA (and other _BY_CA probes) r?jcj → bug 1576755 - split "unknown" bucket in CERT_VALIDATION_SUCCESS_BY_CA (and other _BY_CA probes) r?jcj
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d55c56bc0e57 split "unknown" bucket in CERT_VALIDATION_SUCCESS_BY_CA (and other _BY_CA probes) r=jcj,kjacobs
Comment 4•5 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox71:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
You need to log in
before you can comment on or make changes to this bug.
Description
•