Optimize RemoteSecuritySettings attachment caching
Categories
(Core :: Security: PSM, defect, P3)
Tracking
()
People
(Reporter: jschanck, Assigned: jschanck)
References
Details
RemoteSecuritySettings downloads attachments from the intermediates
and cert-revocations
Remote Settings collections. Generally we should not need to cache these downloads because we immediately feed the contents into cert_storage
. However there seem to be bugs that cause Remote Settings clients to re-download entire collections and their attachments. We might be able mitigate the cost of these bugs by caching downloads.
For cert-revocations
it would make some sense to cache for the lifetime of the record, which could be done using the mechanism proposed in Bug 1763626. There is an argument against doing this though, as individual cert-revocations
attachments are up to 10 MB in size and we don't want to keep a redundant copy longer than absolutely necessary.
Expiring cache entries after a fixed number of hours or days is another option.
Description
•