Issue metadata
Sign in to add a comment
|
Stop serializing Signed Certificate Timestamps in HttpResponseInfo |
||||||||||||||||||||||||
Issue descriptionSigned Certificate Timestamps are currently written into the disk cache, but they don't really need to be. The fact that SCTs are serialized wastes disk space and complicates changes that affect the SCT serialization, for example changing the SCTVerifyStatus enum values (see issue 640689 ). Tagging with Security>UX because the primary implications are for WebsiteSettings and for DevTools. I propose that we remove WebsiteSettings strings about CT, as they are too technical for that UI surface and there is more detailed CT information available in DevTools. If we do that, then the only way in which ceasing to cache SCTs will matter is in DevTools: cached requests will show up without SCTs. We should accept that not all information about a request will always be available in DevTools -- maybe with a string like "Not all security information is available for resources loaded from cache" and a prompt to Shift+Refresh.
,
Nov 15 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/cf30556b4a833e7b575c329c27f3262b4d15ff8c commit cf30556b4a833e7b575c329c27f3262b4d15ff8c Author: estark <estark@chromium.org> Date: Tue Nov 15 03:45:39 2016 Remove Certificate Transparency information from WebsiteSettings This information is too technical for laypeople, and is available in the DevTools security people for developers and power users. BUG= 647947 Review-Url: https://codereview.chromium.org/2483093002 Cr-Commit-Position: refs/heads/master@{#432079} [modify] https://crrev.com/cf30556b4a833e7b575c329c27f3262b4d15ff8c/chrome/app/chromium_strings.grd [modify] https://crrev.com/cf30556b4a833e7b575c329c27f3262b4d15ff8c/chrome/app/generated_resources.grd [modify] https://crrev.com/cf30556b4a833e7b575c329c27f3262b4d15ff8c/chrome/app/google_chrome_strings.grd [modify] https://crrev.com/cf30556b4a833e7b575c329c27f3262b4d15ff8c/chrome/browser/ui/website_settings/website_settings.cc [modify] https://crrev.com/cf30556b4a833e7b575c329c27f3262b4d15ff8c/chrome/browser/ui/website_settings/website_settings.h [modify] https://crrev.com/cf30556b4a833e7b575c329c27f3262b4d15ff8c/chrome/browser/ui/website_settings/website_settings_ui.cc [modify] https://crrev.com/cf30556b4a833e7b575c329c27f3262b4d15ff8c/chrome/browser/ui/website_settings/website_settings_unittest.cc
,
Nov 23 2016
,
Nov 10 2017
,
Feb 18 2018
,
Apr 5 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6b37810307ab09bd2a13ef4f8a815b9b42e18544 commit 6b37810307ab09bd2a13ef4f8a815b9b42e18544 Author: Emily Stark <estark@google.com> Date: Thu Apr 05 18:42:03 2018 Stop serializing SCTs in HttpResponseInfo The only thing that cares about persisted SCTs is DevTools (which should be able to handle missing SCTs or other security info), so we don't need to persist them to the disk cache. This change removes the SCT serialization from HttpResponseInfo::Persist and throws out SCTs when reading them out of existing cached entries. Bug: 647947 Change-Id: Ida1171057d9c22819778e53cd3e242b0dcac585d Reviewed-on: https://chromium-review.googlesource.com/996462 Commit-Queue: Emily Stark <estark@chromium.org> Reviewed-by: Ryan Sleevi <rsleevi@chromium.org> Cr-Commit-Position: refs/heads/master@{#548504} [modify] https://crrev.com/6b37810307ab09bd2a13ef4f8a815b9b42e18544/net/http/http_response_info.cc [modify] https://crrev.com/6b37810307ab09bd2a13ef4f8a815b9b42e18544/net/http/http_response_info_unittest.cc
,
Apr 5 2018
|
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by est...@chromium.org
, Nov 14 2016