Closed Bug 1761109 Opened 2 years ago Closed 2 years ago

Make check-revocations mode the default CRLite mode

Categories

(Core :: Security: PSM, enhancement, P1)

Product:
Core
Component:
Security: PSM
Version:
Firefox 100
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
100 Branch
Tracking Flags:
Tracking Status
firefox100 --- fixed

People

(Reporter: jschanck, Assigned: jschanck)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1761109 - Make check-revocations mode the default CRLite mode. r=keeler
48 bytes, text/x-phabricator-request
Details | Review

CRLite is currently enabled in telemetry-only mode on non-mobile early beta and nightly builds. Telemetry-only mode double-checks all CRLite results (both "revoked" and "not revoked") against OCSP. In Bug 1753071 we added a new "check-revocations" mode, which only double-checks "revoked" results. This mode gives us most of the privacy and performance benefits of CRLite without any risk of mistakenly blocking access to a site. We should make check-revocations mode the default.

Note that CRLite filter downloads are only enabled by default on non-mobile early beta and nightly builds (https://searchfox.org/mozilla-central/rev/630b197be00e3df3f2e3fe995bf31ca50d146eaa/modules/libpref/init/all.js#199-203). So changing the default mode here will only affect non-mobile early beta and nightly builds.

Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a6ba7b4ee178
Make check-revocations mode the default CRLite mode. r=keeler

https://hg.mozilla.org/mozilla-central/rev/a6ba7b4ee178

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox100: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 100 Branch
Blocks: crlite
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: