Open Bug 1796190 Opened 2 years ago Updated 2 years ago

Optimize RemoteSecuritySettings attachment caching

Categories

(Core :: Security: PSM, defect, P3)

Product:
Core
Component:
Security: PSM
Type:
defect

Tracking

()

People

(Reporter: jschanck, Assigned: jschanck)

References

Details

RemoteSecuritySettings downloads attachments from the intermediates and cert-revocations Remote Settings collections. Generally we should not need to cache these downloads because we immediately feed the contents into cert_storage. However there seem to be bugs that cause Remote Settings clients to re-download entire collections and their attachments. We might be able mitigate the cost of these bugs by caching downloads.

For cert-revocations it would make some sense to cache for the lifetime of the record, which could be done using the mechanism proposed in Bug 1763626. There is an argument against doing this though, as individual cert-revocations attachments are up to 10 MB in size and we don't want to keep a redundant copy longer than absolutely necessary.

Expiring cache entries after a fixed number of hours or days is another option.

You need to log in before you can comment on or make changes to this bug.