Closed Bug 995684 Opened 11 years ago Closed 7 years ago

Stub installer increase in certificate untrusted errors since bug 803531

Categories

(Firefox :: Installer, defect, P3)

x86_64
Windows 8.1

RESOLVED WONTFIX

People

(Reporter: robert.strong.bugs, Unassigned)

References

(Depends on 1 open bug)

Details

(Whiteboard: [stubv3=])

Attachments

(1 file)

When bug 803531 landed there was an increase of certificate attribute check failures which can be explained as people using the old stub installer which did not have the new certificate attributes defined. There was also an increase in certificate untrusted failures which is not understood.
Week        Cert Untrusted      Cert Attributes
10/06/13      8041   0.16%        3349   0.07%
10/13/13      7726   0.16%        2900   0.06%
10/20/13      7354   0.15%        2785   0.06%
10/27/13     98644   1.98%      287103   5.77%
11/03/13    150167   2.88%      248665   4.78%
11/10/13    127242   2.57%      173149   3.50%
11/17/13     81912   1.65%      142747   2.88%
11/24/13     76825   1.66%      119272   2.58%
12/01/13     75282   1.61%      105923   2.26%
12/08/13     74587   1.61%       96758   2.09%
12/15/13     73123   1.60%       89724   1.96%
12/22/13     67802   1.53%       82087   1.85%
12/29/13     66586   1.57%       74171   1.75%
01/05/14     78741   1.64%       76485   1.59%
01/12/14     78394   1.57%       70767   1.42%
01/19/14     82109   1.61%       68042   1.34%
01/26/14     77900   1.58%       63939   1.30%
02/02/14     77956   1.52%       63606   1.24%
02/09/14     78110   1.56%       57852   1.16%
02/16/14     78229   1.53%       57226   1.12%
02/23/14     75131   1.49%       51637   1.02%
03/02/14     71938   1.49%       45987   0.95%
03/09/14     68395   1.46%       43660   0.93%
03/16/14     69783   1.38%       45046   0.89%
03/23/14     69947   1.37%       41112   0.80%
03/30/14     66814   1.39%       39144   0.82%
The failure rate for the certificate being untrusted has been extremely stable since the stub installer was rolled out and since the certificate was changed in bug 803531 it has been decreasing extremely slowly especially when compared to the certificate attribute failures. If anything, I would have expected the certificate untrusted failures to drop quicker than the certificate attribute failures unless there are a significantly larger number of systems in the world that don't trust the "DigiCert Assured ID Code Signing CA-1" certificate than the previous "Thawte Code Signing CA - G2" certificate.
The increase in failures equates to several million failed installs per year though the majority of those do open the page to download the full installer so some portion of those are successfully installing via the full installer. Note: bug 938117 has some details regarding the increase in certificate attribute check failures.
Breakdown by OS:
Windows XP      84.67%
Windows 2003     1.21%
Windows Vista    2.52%
Windows 7       10.24%
Windows 8        1.36%
(In reply to Robert Strong [:rstrong] (use needinfo to contact me) from comment #0)
> The increase in failures equates to several million failed installs per year
> though the majority of those do open the page to download the full installer
> so some portion of those are successfully installing via the full installer.
Do we know that they are successfully installing the full installer? Isn't it signed by the same certificate and likely to hit the same errors?
I guess Windows just warns that it is an unknown publisher but lets you click through? Been a while since I've tried that case.
(In reply to Daniel Veditz [:dveditz] from comment #2)
> (In reply to Robert Strong [:rstrong] (use needinfo to contact me) from
> comment #0)
> > The increase in failures equates to several million failed installs per year
> > though the majority of those do open the page to download the full installer
> > so some portion of those are successfully installing via the full installer.
>
> Do we know that they are successfully installing the full installer?
We don't know but I believe that all the user would see is a certificate error and that they would still be able to install.
> Isn't
> it signed by the same certificate and likely to hit the same errors?
No. The stub installer verifies that the downloaded full installer's certificate is both trusted and has the expected attributes.
(In reply to Robert Strong [:rstrong] (use needinfo to contact me) from comment #0)
> The failure rate for the certificate being untrusted has been extremely
> stable since the stub installer was rolled out and since the certificate was
> changed in bug 803531 it has been decreasing extremely slowly especially
> when compared to the certificate attribute failures. If anything, I would
> have expected the certificate untrusted failures to drop quicker than the
> certificate attribute failures unless there are a significantly larger
> number of systems in the world that don't trust the "DigiCert Assured ID
> Code Signing CA-1" certificate than the previous "Thawte Code Signing CA -
> G2" certificate.
I'm in the process of bringing up an XP SP2 machine to have a look at its root certificate store. I think that will help us reason about this better.
Attached image 69bd76a0.png
So, I got this machine up and running and AFAICT both our old and new certificate work fine on a vanilla XP SP2 machine. I'm actually a little surprised by this because I haven't been able to find the DigiCert root anywhere in the root certificate store. (There's a digicert EV one, but it's not the one our cert comes from.) I'm wondering if the "Signature is OK" messages are lies...
I was able to install Firefox 28.0 via the stub installer on my XP SP2 machine, for what it's worth. I installed from an ISO w/ SP2 included. Maybe that's a different configuration than original XP that's been updated to SP2? I'll see if I can try that out, too. I also wonder if it's possible that many of these are install attempts from unsupported versions of Windows, like XP pre-SP2. Is that a possibility?
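The two-part check described in the thread (certificate trusted, then expected attributes) can be sketched with PowerShell's `Get-AuthenticodeSignature`; this is an added example, not code from this bug or from the stub installer. `Test-InstallerSignature` and its parameters are hypothetical names, the expected signer name is a caller-supplied assumption, and the issuer default is the name quoted in comment 0.

```powershell
# Added example (not from the bug): two independent checks and the four
# outcomes that the telemetry columns in this thread correspond to.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: the caller supplies the signer name it expects.
        [Parameter(Mandatory)] [string] $ExpectedSubjectName,
        # Issuer name as quoted in comment 0 of this bug.
        [string] $ExpectedIssuerName = 'DigiCert Assured ID Code Signing CA-1'
    )

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Check 1, trust: 'Valid' requires an intact signature whose chain ends in
    # a root this machine trusts, so the result depends on the local root store.
    $trusted = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid

    # Check 2, attributes: compare signer and issuer simple names with the
    # expected values. This depends only on the values the checker was given.
    $subject = $null
    $issuer = $null
    $attributesOk = $false
    if ($null -ne $sig.SignerCertificate) {
        $simple = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $subject = $sig.SignerCertificate.GetNameInfo($simple, $false)
        $issuer = $sig.SignerCertificate.GetNameInfo($simple, $true)
        $attributesOk = ($subject -ceq $ExpectedSubjectName) -and
                        ($issuer -ceq $ExpectedIssuerName)
    }

    if ($trusted -and $attributesOk) {
        $outcome = 'OK'
    } elseif (-not $trusted -and -not $attributesOk) {
        $outcome = 'Untrusted & Attributes'
    } elseif (-not $trusted) {
        $outcome = 'Untrusted'
    } else {
        $outcome = 'Attributes'
    }

    [pscustomobject]@{
        Path = $Path; Status = $sig.Status; Subject = $subject
        Issuer = $issuer; Outcome = $outcome
    }
}

# Usage (constructed path and placeholder signer name):
# Test-InstallerSignature -Path .\full-installer.exe -ExpectedSubjectName '<expected signer>'
```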
Using the v6 stub ping I get the following breakdown of OS's that get this error
WinXP SP2       23.89%
WinXP SP3       62.83%
Win 2003 SP1     1.77%
Win Vista        0.88%
Win Vista SP1    1.77%
Win Vista SP2    0.44%
Win 7            1.33%
Win 7 SP1        5.75%
Win 8            1.33%
Current percentages by week
Week        Untrusted   Attributes   Untrusted & Attributes
10/06/13    0.16%       0.07%        0.01%
10/13/13    0.16%       0.06%        0.01%
10/20/13    0.15%       0.06%        0.01%
10/27/13    1.98%       5.77%        0.22%
11/03/13    2.88%       4.78%        0.21%
11/10/13    2.57%       3.50%        0.16%
11/17/13    1.65%       2.88%        0.16%
11/24/13    1.66%       2.58%        0.10%
12/01/13    1.61%       2.26%        0.09%
12/08/13    1.61%       2.09%        0.08%
12/15/13    1.60%       1.96%        0.08%
12/22/13    1.53%       1.85%        0.07%
12/29/13    1.57%       1.75%        0.07%
01/05/14    1.64%       1.59%        0.06%
01/12/14    1.57%       1.42%        0.06%
01/19/14    1.61%       1.34%        0.05%
01/26/14    1.58%       1.30%        0.05%
02/02/14    1.52%       1.24%        0.05%
02/09/14    1.56%       1.16%        0.05%
02/16/14    1.53%       1.12%        0.04%
02/23/14    1.49%       1.02%        0.04%
03/02/14    1.49%       0.95%        0.04%
03/09/14    1.46%       0.93%        0.04%
03/16/14    1.38%       0.89%        0.04%
03/23/14    1.37%       0.80%        0.03%
03/30/14    1.39%       0.82%        0.03%
04/06/14    1.44%       0.77%        0.03%
04/13/14    1.58%       0.77%        0.03%
04/20/14    1.45%       0.75%        0.03%
04/27/14    1.04%       0.49%        0.02%
05/04/14    1.20%       0.57%        0.03%
05/11/14    1.25%       0.61%        0.03%
05/18/14    1.30%       0.59%        0.02%
05/25/14    1.31%       0.55%        0.03%
The Untrusted percentages are still around 1.15% higher than the old cert. I suspect that some systems don't trust DigiCert due to the issue they had a few years ago and people and / or programs configuring systems to no longer trust DigiCert.
I've also checked that the percentages for Untrusted are around the same with data that only includes the stub with the updated certificate information for DigiCert and that the Attributes and Untrusted & Attributes percentages go back down to the same levels as prior to the certificate change.
Whiteboard: [stubv2=] → [stubv3=]
Depends on: 1109342
Filed bug 1109342 for the changes needed to bouncer
The number of stub installs hitting Certificate Attribute check failures has dropped to the level prior to the signing certificate change but the stub installs hitting Certificate Untrusted failures is still significantly higher (over 0.6% increase for all stub install attempts) than prior to the change. This is about as close as we can get to knowing that there are significantly more systems that don't trust the digicert certificate and last I checked the majority of those were WinXP systems. Since the number of WinXP installs is lessening over time the number of Untrusted failures is also decreasing.
Week        Untrusted   Attributes   Untrusted & Attributes
10/06/13    0.14%       0.00%        0.01%
10/13/13    0.14%       0.00%        0.01%
10/20/13    0.13%       0.00%        0.01%
10/27/13    1.98%       5.77%        0.22%
11/03/13    2.89%       4.76%        0.21%
11/10/13    2.57%       3.50%        0.16%
11/17/13    1.65%       2.88%        0.16%
11/24/13    1.65%       2.57%        0.10%
12/01/13    1.60%       2.25%        0.09%
12/08/13    1.60%       2.07%        0.08%
12/15/13    1.59%       1.95%        0.08%
12/22/13    1.52%       1.84%        0.07%
12/29/13    1.57%       1.74%        0.07%
01/05/14    1.64%       1.58%        0.06%
01/12/14    1.57%       1.41%        0.06%
01/19/14    1.61%       1.33%        0.05%
01/26/14    1.58%       1.29%        0.05%
02/02/14    1.53%       1.24%        0.05%
02/09/14    1.56%       1.15%        0.05%
02/16/14    1.52%       1.10%        0.04%
02/23/14    1.49%       1.01%        0.04%
03/02/14    1.49%       0.94%        0.04%
03/09/14    1.46%       0.92%        0.04%
03/16/14    1.39%       0.89%        0.03%
03/23/14    1.37%       0.80%        0.03%
03/30/14    1.39%       0.81%        0.03%
04/06/14    1.43%       0.77%        0.03%
04/13/14    1.57%       0.76%        0.03%
04/20/14    1.45%       0.75%        0.03%
04/27/14    1.04%       0.48%        0.02%
05/04/14    1.20%       0.56%        0.03%
05/11/14    1.25%       0.60%        0.03%
05/18/14    1.30%       0.58%        0.02%
05/25/14    1.31%       0.55%        0.03%
06/01/14    1.29%       0.54%        0.03%
06/08/14    1.26%       0.48%        0.02%
06/15/14    1.25%       0.45%        0.02%
06/22/14    1.31%       0.45%        0.02%
06/29/14    1.35%       0.46%        0.02%
07/06/14    1.32%       0.46%        0.02%
07/13/14    1.00%       0.46%        0.02%
07/20/14    0.91%       0.41%        0.02%
07/27/14    0.93%       0.39%        0.02%
08/03/14    0.95%       0.42%        0.02%
08/10/14    0.94%       0.40%        0.02%
08/17/14    0.93%       0.39%        0.02%
08/24/14    0.98%       0.37%        0.02%
08/31/14    1.01%       0.33%        0.02%
09/07/14    1.00%       0.31%        0.02%
09/14/14    0.97%       0.32%        0.02%
09/21/14    1.00%       0.32%        0.02%
09/28/14    1.03%       0.31%        0.02%
10/05/14    1.02%       0.30%        0.02%
10/12/14    0.91%       0.25%        0.02%
10/19/14    0.96%       0.23%        0.02%
10/26/14    0.89%       0.23%        0.02%
11/02/14    0.91%       0.24%        0.02%
11/09/14    0.88%       0.26%        0.02%
11/16/14    0.89%       0.25%        0.02%
11/23/14    0.92%       0.24%        0.02%
11/30/14    0.85%       0.05%        0.01%
12/07/14    0.78%       0.00%        0.01%
Priority: -- → P3
It's been 3 years since we looked at these numbers; we should look at them again, but if this is unique to XP it is likely to become a WONTFIX.
Flags: needinfo?(mhowell)
Agree with the WONTFIX. I suspect that XP was the primary Windows OS when DigiCert had the issue several years ago (see comment #9) and that newer Windows versions are much less likely to be configured to not trust DigiCert.
We're currently getting approximately 0.5% of all unsuccessful stub install pings as unexpected attributes errors, and about half that many untrusted certificate errors. I don't think that's enough to say we have a serious problem here, and I agree with comment 14 that the original DigiCert issue is very likely no longer a factor. WONTFIX it is.
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(mhowell)
Resolution: --- → WONTFIX