mozilla / crlite

WebPKI-level Certificate Revocation via Multi-Level Bloom Filter Cascade
http://www.cs.umd.edu/~dml/papers/crlite_oakland17.pdf
Mozilla Public License 2.0

moz_kinto_publisher leaves stale records in Remote Settings #229

Closed by jschanck 2 years ago

jschanck commented 2 years ago

In the moz_kinto_publisher script we key a dictionary of intermediate CAs using the following unique_id function:

https://github.com/mozilla/crlite/blob/123ac015357421ff46530b1af76a8f7116629785/moz_kinto_publisher/main.py#L305-L310

Intermediates with distinct unique_ids get distinct entries in the Remote Settings collection.

Remote Settings clients, however, only key based on pubKeyHash and subjectDN. So entries that differ in pemHash are useless.

There are 2908 entries in the remote settings collection and only 2198 that have distinct (pubKeyHash, subjectDN) values.
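The comparison described in this issue, as an added example that is not part of the original issue or the crlite code base: it groups records by the (pubKeyHash, subjectDN) pair that clients key on and lists the groups that hold more than one pemHash. Only the three field names come from the issue; the record layout, the `id` field and all sample values are constructed.

```python
from collections import defaultdict

# Constructed sample records. The field names pubKeyHash, subjectDN and pemHash
# come from the issue; the "id" field and every value are made up.
SAMPLE_RECORDS = [
    {"id": "r1", "pubKeyHash": "key-A", "subjectDN": "CN=Example CA 1", "pemHash": "pem-1"},
    {"id": "r2", "pubKeyHash": "key-A", "subjectDN": "CN=Example CA 1", "pemHash": "pem-2"},
    {"id": "r3", "pubKeyHash": "key-B", "subjectDN": "CN=Example CA 2", "pemHash": "pem-3"},
    {"id": "r4", "pubKeyHash": "key-C", "subjectDN": "CN=Example CA 3", "pemHash": "pem-4"},
    {"id": "r5", "pubKeyHash": "key-C", "subjectDN": "CN=Example CA 3", "pemHash": "pem-5"},
]


def client_key(record):
    """The pair the issue says Remote Settings clients key on."""
    return (record["pubKeyHash"], record["subjectDN"])


def audit(records):
    """Compare the record count with the number of distinct client keys."""
    groups = defaultdict(list)
    for record in records:
        groups[client_key(record)].append(record)

    # Groups in which one client key maps to several distinct pemHash values.
    collisions = {
        key: sorted({r["pemHash"] for r in members})
        for key, members in groups.items()
        if len({r["pemHash"] for r in members}) > 1
    }
    return {
        "total": len(records),
        "distinct_client_keys": len(groups),
        "surplus": len(records) - len(groups),
        "collisions": collisions,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_RECORDS)
    print(f"{report['total']} records, {report['distinct_client_keys']} distinct client keys, "
          f"{report['surplus']} surplus")
    for (pub_key_hash, subject_dn), pem_hashes in report["collisions"].items():
        print(f"  {subject_dn} [{pub_key_hash}]: {', '.join(pem_hashes)}")
```
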

jschanck commented 2 years ago

Closing since these duplicates are potentially useful for intermediates preloading.