New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 621980 link

Starred by 2 users
Status: Fixed
Owner:
est...@chromium.org
Closed: Nov 2016
Cc:
est...@chromium.org
rsleevi@chromium.org
dadrian@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

UMA stats for PKP may be inaccurate

Project Member Reported by dadrian@google.com, Jun 21 2016 
The UMA reporting for PKP in  TransportSecurityState::CheckPublicKeyPins is likely inaccurate, per rsleevi@:

"In order for the histograms to be useful, the UMA ID must never change, and gaps must never be added. I'm not sure with Lucas' script to generate the preload dataset if we're still preserving the immutability of that - I'd be surprised if we were, because that requires a state going back to the first time we were doing the preloads.

Otherwise, the UMA is only valid for the TransportSecurityState version of the dataset, which isn't that useful."

See https://codereview.chromium.org/2066603004/diff/1/net/http/transport_security_state.cc for context.
Project Member

Comment 1 by sheriffbot@chromium.org, Jun 22 2016

Labels: Hotlist-Google

Comment 2 by est...@chromium.org, Nov 1 2016

Owner: est...@chromium.org
Status: Started (was: Untriaged)

Comment 3 by est...@chromium.org, Nov 1 2016

Components: Internals>Network>DomainSecurityPolicy
Project Member

Comment 4 by bugdroid1@chromium.org, Nov 1 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f2c5c591fb3041c49bb9d0cd2c0d2d288af8dc4e

commit f2c5c591fb3041c49bb9d0cd2c0d2d288af8dc4e
Author: estark <estark@chromium.org>
Date: Tue Nov 01 21:37:28 2016

Deprecate old PublicKeyPinFailureDomain histogram

This histogram is probably never looked at by anyone and also probably
records inaccurate data because domain_ids have probably not been
constant over time. This CL deprecates the histogram, removes the code
that records it, and removes |domain_id| from PreloadResult because it's
not used for anything else.

BUG= 621980 

Review-Url: https://codereview.chromium.org/2467953002
Cr-Commit-Position: refs/heads/master@{#429121}

[modify] https://crrev.com/f2c5c591fb3041c49bb9d0cd2c0d2d288af8dc4e/net/http/transport_security_state.cc
[modify] https://crrev.com/f2c5c591fb3041c49bb9d0cd2c0d2d288af8dc4e/tools/metrics/histograms/histograms.xml

Comment 5 by est...@chromium.org, Nov 1 2016

Labels: M-56

Comment 6 by lgar...@chromium.org, Nov 2 2016

Components: -Internals>Network>SSL

Comment 7 by lgar...@chromium.org, Nov 3 2016 

> I'm not sure with Lucas' script to generate the preload dataset if we're still preserving the immutability of that

I have made sure to preserve it, but I haven't checked if anyone ever made a mistake.

Emily and I chatted about it, through, and we didn't see a need to keep per-domain stats anymore.

Comment 8 by est...@chromium.org, Nov 6 2016

Status: Fixed (was: Started)

Sign in to add a comment