Make check-revocations mode the default CRLite mode
Categories
(Core :: Security: PSM, enhancement, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox100 | --- | fixed |
People
(Reporter: jschanck, Assigned: jschanck)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
CRLite is currently enabled in telemetry-only mode on non-mobile early beta and nightly builds. Telemetry-only mode double-checks all CRLite results (both "revoked" and "not revoked") against OCSP. In Bug 1753071 we added a new "check-revocations" mode, which only double-checks "revoked" results. This mode gives us most of the privacy and performance benefits of CRLite without any risk of mistakenly blocking access to a site. We should make check-revocations mode the default.
Note that CRLite filter downloads are only enabled by default on non-mobile early beta and nightly builds (https://searchfox.org/mozilla-central/rev/630b197be00e3df3f2e3fe995bf31ca50d146eaa/modules/libpref/init/all.js#199-203). So changing the default mode here will only affect non-mobile early beta and nightly builds.
Assignee | ||
Comment 1•2 years ago
|
||
Pushed by jschanck@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/a6ba7b4ee178 Make check-revocations mode the default CRLite mode. r=keeler
Comment 3•2 years ago
|
||
bugherder |
Description
•