On 04/08/14 18:16, Erwann Abalea wrote: > I imagine you have access to more detailed information (OCSP URL, > date/time, user location, ...), could some of it be open?
Not necessarily; I suspect this data was gathered using Firefox Telemetry, where we try very hard to avoid violating a user's privacy. Aggregate pass/fail stats (and even failure reasons) are one thing; details of sites visited are another. It could be that we could break it down by CA (top level domain) without significant privacy intrusion, as most CAs secure many websites, but I suspect it would require more mods to Firefox to do that. > OCSP is painful and costly to optimize, x509labs shows great > availability and good performance for most CA/location combination, > but this is in contradiction with real user measurements. Why, and > how? Good question. Perhaps the point is that consumer internet connections are a lot flakier than the one x509labs uses. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
