Is there end-to-end tests for this feature?

It's good to have some interop tests too so that we don't break things in upcoming code changes. This is specially the case since there are third-parties that depend on the stability of this interface.

eranm@, re: issue 916308 C#35, our plan is to support this in M73. We will do a 1% experiment with this not supported in M72. Given the number of use is low, would this be acceptable?

The failure mode in M72 will be a crash, right? That doesn't seem great.

i believe the crash shouldn't happen anymore in M72. See https://bugs.chromium.org/p/chromium/issues/detail?id=916308 C#40.

I can double check with cduvall.

The crash will still happen in M72, issue 916308 was tracking a different crash, and we happened to find this issue while investigating.

Right, we found this bug looking for other classes which would trigger the same crash. While keeping server certificate verification (X509Util) in the net svc appears to, for now, be salvageable, it looks like SPNEGO (HttpNegotiateAuthenticator), like client certificates, will need to be pushed back to the browser process to work with the network svc.

> like client certificates

Sorry, that was unclear. Client certificates (SSLPrivateKey) already have been pushed back to the browser process, so that work is all done. SPNEGO still needs to be, for similar reasons. (They both uses platform hooks that have a path tying them to Android UI bits.)

This makes more sense now. This also means that we will get very strong signals if we see any stability issue which we track. If there are significant crashes on beta and 1% stable, then we can quickly end our finch experiment.

I'm more worried about cases where we don't get these signals (ie broken functionality without crashes). 

Since we diverged a bit, I still hope to get an answer for C#3.