Articles in “Security”

Design of the CRLite Infrastructure

Firefox is the only major browser that still evaluates every website it connects to whether the certificate used has been reported as revoked. Firefox users are notified of all connections … Read more

Measuring Middlebox Interference with DNS Records

Overview The Domain Name System (DNS) is often referred to as the “phonebook of the Internet.” It is responsible for translating human readable domain names–such as mozilla.org–into IP addresses, which … Read more

Firefox 83 introduces HTTPS-Only Mode

  Security on the web matters. Whenever you connect to a web page and enter a password, a credit card number, or other sensitive information, you want to be sure … Read more

May 2020 CA Communication

Mozilla has sent a CA Communication and Survey to inform Certification Authorities (CAs) who have root certificates included in Mozilla’s program about current expectations. Additionally this survey will collect input … Read more

Expanding Client Certificates in Firefox 75

Starting in version 75, Firefox can be configured to use client certificates provided by the operating system on Windows and macOS. Background When Firefox negotiates a secure connection with a … Read more

CRLite: Speeding Up Secure Browsing

CRLite pushes bulk certificate revocation information to Firefox users, reducing the need to actively query such information one by one. Additionally this new technology eliminates the privacy leak that individual … Read more

The End-to-End Design of CRLite

CRLite is a technology to efficiently compress revocation information for the whole Web PKI into a format easily delivered to Web users. It addresses the performance and privacy pitfalls of … Read more