☕️ Insufficient Coffee

Design of the CRLite Infrastructure

Firefox is the only major browser that still evaluates every website it connects to whether the certificate used has been reported as revoked. Firefox users are notified of all connections involving untrustworthy certificates, regardless the popularity of the site. Inconveniently, checking certificate status sometimes slows down the connection to websites.... [read more]

Published 2020-12-01

Auditing the CRLs in CRLite

Since Firefox Nightly is now using CRLite to determine if enrolled websites’ certificates are revoked, it’s useful to dig into the data to answer why a given certificate issuer gets enrolled or not.

Ultimately this is a matter of whether the CRLs for a given issuer are available to... [read more]

Published 2020-11-27

Querying CRLite for WebPKI Revocations

Firefox Nightly is now using CRLite to determine if websites’ certificates are revoked — e.g., if the Certificate Authority published that web browsers shouldn’t trust that website certificate. Telemetry shows that querying the local CRLite dataset is much faster than making a network connection for OCSP, which makes... [read more]

Published 2020-11-26

Austin or Bust: A Post-Y'allhands Adventure

Due to a variety of factors, Mozilla changed venues for our 2017 winter all-hands meeting to Austin, Texas, and Austin being a city with relatively poor commercial airline connectivity, ticket prices were fairly high even for me to fly there from Phoenix.

[read more]

Published 2020-11-01

Berlin By Air

I have had business dealings requiring me to visit Berlin regularly for the last 5 years, and in 2018 I finally made the trip outside of the city to Strausberg Airport to rent a Cessna 172SP Skyhawk.

[read more]

Published 2020-10-05