Security/CryptoEngineering/Intermediate Preloading: Difference between revisions

Security/CryptoEngineering/Intermediate Preloading (view source)

Revision as of 17:01, 8 January 2020

339 bytes added , 8 January 2020

nits

Jcjones

122

edits

@@ Line 1: / Line 1: @@
 = Intermediate CA Preloading =
+In pre-release versions of Firefox users are benefiting from a new feature called Intermediate CA Preloading which reduces the number of secure connection errors that users run into when web servers forget to properly configure their TLS response.
 In [https://bugzilla.mozilla.org/show_bug.cgi?id=1404934 Bug 1404934] we've added support to download the Intermediate Certificate Authorities that have been disclosed to the [[CA|Mozilla CA Root Program]] from [https://www.kinto-storage.org/ Kinto] in the background during normal Firefox operation.
-This is currently only enabled for Nightly users on desktop platforms. (March 2019)
+This is currently only enabled for Nightly and Beta users on desktop platforms. (January 2020)
 Remaining work is being tracked by [https://bugzilla.mozilla.org/show_bug.cgi?id=1535662 Bug 1535662].
@@ Line 11: / Line 13: @@
 Websites using encryption should provide two digital PKI certificates [1] when connecting to clients: One for the website itself, and one for the intermediate CA that produced the website's digital certificate. Sometimes, websites are set up incorrectly.
-When other browsers encounter this case, they use a mechanism where the user's browser then, in the background, connects to the CA and downloads the certificate just-in-time.
+When other browsers encounter this case, they use a mechanism where the user's browser then, in the background, connects to the CA and downloads the certificate just-in-time, which delays the connection and reveals the website the user is connecting to.
 === Performance ===