Re: Intermediate CA Preloading is enabled for desktop Nightly users

2019-03-15 Thread Tom Ritter
On Fri, Mar 15, 2019 at 4:47 PM J.C. Jones wrote:
> That's a good argument for us never "optimizing" it to avoid re-downloading
> already-known certs. Just download the whole set once, everywhere - the
> bandwidth savings are limited.
Yes and No. As ekr pointed out to me offline, there are so

Re: Intermediate CA Preloading is enabled for desktop Nightly users

2019-03-15 Thread Tom Ritter
On Thu, Mar 14, 2019 at 3:26 PM Nicholas Alexander wrote:
> J.C. -- I don't think this answers Tom's question, but perhaps it does. In
> that case I'll ask what I think is the same question:
Actually, what I was worried about was Mozilla being able to track users based on what the client

Re: Intermediate CA Preloading is enabled for desktop Nightly users

2019-03-14 Thread J.C. Jones
Nicholas, Mozilla's root program mandates all members disclose all intermediates via the Common CA Database. That database has enough metadata to determine which CA certificates chain to roots in our program. The CCADB exports a list on-demand of

Re: Intermediate CA Preloading is enabled for desktop Nightly users

2019-03-14 Thread Nicholas Alexander
On Wed, Mar 13, 2019 at 2:23 PM J.C. Jones wrote:
> Tom,
>
> Kinto provides the whole list of metadata to clients as soon as it syncs
> [1]. The metadata uses the Kinto attachment mechanism to store the
> DER-encoded certificate for separate

Re: Intermediate CA Preloading is enabled for desktop Nightly users

2019-03-13 Thread J.C. Jones
Tom, Kinto provides the whole list of metadata to clients as soon as it syncs [1]. The metadata uses the Kinto attachment mechanism to store the DER-encoded certificate for separate download. Firefox maintains a "local field" boolean in the dataset to

Re: Intermediate CA Preloading is enabled for desktop Nightly users

2019-03-13 Thread Tom Ritter
How does kinto know which certificates you yet need to download?
On Fri, Mar 8, 2019, 3:29 PM J.C. Jones wrote:
> # tl;dr #
>
> At the end of February I enabled Intermediate CA Preloading for all
> desktop Nightly users to begin gathering telemetry. This means all
> intermediate CAs disclosed