On 01/04/2016 10:21 AM, Adam Roach wrote: > I propose that we minimally should collect telemetry around this > condition. It should be pretty easy to detect: look for cases where we > reject very young SHA-1 certs that chain back to a CA we don't ship. > Once we know the scope of the problem, we can make informed decisions > about how urgent our subsequent actions should be.
I had a similar thought, but I think it's too late for such telemetry to be effective. The vast majority of users who are affected will have already stopped using Firefox, or will immediately do so, as soon as they discover that their webmail, bank, google, facebook, etc. don't work. (We could have used this sort of telemetry before Jan 1 if we'd forseen this potential problem. I don't blame us for not forseeing this, though.) ~Daniel _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
