Use content signature instead of cert pinning for GMP updates on all channels
Categories
(Core :: Audio/Video: GMP, task, P2)
Tracking
()
People
(Reporter: bryce, Assigned: bryce)
References
Details
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-esr91+
|
Details | Review |
In bug 1714621 we started using content signatures for GMP updates, but limited the usage to early beta + nightly. We should roll this out to all channels.
We'll want to get this rolled out sufficiently that we have good coverage by July 2022, when the cert we have pinned will expire. This won't be a catastrophic failure for affected users -- they will just end up using our fallback URLs we bake into Firefox. However, if these fallbacks end up pointing to a CDM that is deactivated at the time, that would be catastrophic (i.e. DRM playback will stop working).
I'm still investigating failure rates being higher than I'd like with these updates (see bug 1739664). However, our data so far indicates that there is no significant changes in failure rates between the old cert pinning approach and the new content sig one. So it seems likely that that the cause of these failures lies outside these verification mechanisms.
|
Assignee | |
Comment 1•4 years ago
|
||
I plan to keep the changes here minimal, so we have something easy to uplift or revert as needed (hopefully not so much revert). I.e. we can remove the cert pinning path and rework tests in another bug, but I don't want to do that here.
|
|
Assignee | |
Comment 2•4 years ago
|
||
This sets up prefs so by default any release will use the content signature path
for GMP updates, rather than cert pinning. This intentionally leaves in place
the old cert pinning machinery so that we can still use if we need to
- Compare the new and old for things like debugging.
- Revert these changes in the case of regressions (either by shipping a patch or
something like normandy).
This patch is also small to enable it to be uplifted easily.
Once we're sure this new path is good, a larger patch can follow up to remove
the cert pinning code + rework our tests.
|
||
Comment 4•4 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Comment 5•4 years ago
|
||
[Tracking Requested - why for this release]: track for ESR as there will be a window where this may be required for GMP updates to continue working at the end of the 91 life cycle. I.e. once this has rolled our further we should uplift to ESR.
|
||
Updated•4 years ago
|
|
|
Assignee | |
Comment 6•4 years ago
|
||
Comment on attachment 9269118 [details]
Bug 1760527 - Use content signature instead of cert pinning everywhere for GMP updates. r?gijs
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: Bustage to DRM media playback and OpenH264 based WebRTC functionality.
- User impact if declined: Come July 2022 our certificate used for old GMP updates will expire, and users on ESR 91 will not be able to receive GMP updates.
- Fix Landed on Version: 101 (pref flip)
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Low risk as this is just a pref flip. We've landed the prior work needed to handle this in bug 1714621.
|
|
||
Updated•4 years ago
|
|
|
||
Comment 7•4 years ago
|
||
Comment on attachment 9269118 [details]
Bug 1760527 - Use content signature instead of cert pinning everywhere for GMP updates. r?gijs
Let's get this into 91.10esr so there's time to address any fallout before we're up against the July deadline.
|
|
||
Comment 8•4 years ago
|
||
| bugherder uplift | ||
Description
•