{"id":2547,"date":"2020-01-21T07:51:21","date_gmt":"2020-01-21T15:51:21","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=2547"},"modified":"2020-01-21T08:55:31","modified_gmt":"2020-01-21T16:55:31","slug":"crlite-part-3-speeding-up-secure-browsing","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/","title":{"rendered":"CRLite: Speeding Up Secure Browsing"},"content":{"rendered":"<p>CRLite pushes bulk certificate revocation information to Firefox users, reducing the need to actively query such information one by one. Additionally this new technology eliminates the privacy leak that individual queries can bring, and does so for the whole Web, not just special parts of it. The first two posts in this series about the newly-added CRLite technology provide background: <a href=\"https:\/\/blog.mozilla.org\/security\/2020\/01\/09\/crlite-part-1-all-web-pki-revocations-compressed\">Introducing CRLite: All of the Web PKI\u2019s revocations, compressed<\/a> and <a href=\"https:\/\/blog.mozilla.org\/security\/2020\/01\/09\/crlite-part-2-end-to-end-design\">The End-to-End Design of CRLite<\/a>.<\/p>\n<p>Since mid-December, our pre-release Firefox Nightly users have been evaluating our CRLite system while performing normal web browsing. Gathering information through <a href=\"https:\/\/telemetry.mozilla.org\">Firefox Telemetry<\/a> has allowed us to verify the effectiveness of CRLite.<\/p>\n<p>The questions we particularly wanted to ask about Firefox when using CRLite are:<\/p>\n<ol>\n<li>What were the results of checking the CRLite filter?\n<ol>\n<li>Did it find the certificate was too new for the installed CRLite filter;<\/li>\n<li>Was the certificate valid, revoked, or not included;<\/li>\n<li>Was the CRLite filter unavailable?<\/li>\n<\/ol>\n<\/li>\n<li>How quickly did the CRLite filter check return compared to actively querying status using the Online Certificate Status Protocol (OCSP)?<\/li>\n<\/ol>\n<h3>How Well Does CRLite Work?<\/h3>\n<p>With Telemetry enabled in Firefox Nightly, each invocation of CRLite emits one of these results:<\/p>\n<ul>\n<li>Certificate Valid, indicating that CRLite authoritatively returned that the certificate was valid.<\/li>\n<li>Certificate Revoked, indicating that CRLite authoritatively returned that the certificate was revoked.<\/li>\n<li>Issuer Not Enrolled, meaning the certificate being evaluated wasn\u2019t included in the CRLite filter set, likely because the issuing Certificate Authority (CA) did not publish CRLs.<\/li>\n<li>Certificate Too New, meaning the certificate being evaluated was newer than the CRLite filter.<\/li>\n<li>Filter Not Available, meaning that the CRLite filter either had not yet been downloaded from Remote Settings, or had become so stale as to be out-of-service.<\/li>\n<\/ul>\n<div id=\"attachment_2552\" style=\"width: 489px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure1-results.png\"><img aria-describedby=\"caption-attachment-2552\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-2552\" src=\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure1-results.png\" alt=\"Show that &gt;50% of TLS connections would have been using CRLite\" width=\"479\" height=\"481\" srcset=\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure1-results.png 479w, https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure1-results-252x253.png 252w, https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure1-results-160x160.png 160w\" sizes=\"(max-width: 479px) 100vw, 479px\" \/><\/a><p id=\"caption-attachment-2552\" class=\"wp-caption-text\">Figure 1: One month of CRLite results in Firefox Nightly (5 December 2019 to 6 Jan 2020)<\/p><\/div>\n<p><b>Immediately, one sees that over 54% of secure connections (500M) could have benefited from the improved privacy and performance of CRLite for Firefox Nightly users.<\/b><\/p>\n<p>Of the other data:<\/p>\n<ul>\n<li>We plan to publish updates up to 4 times per day, which will reduce the incidence of the Certificate Too New result.<\/li>\n<li>The Filter Not Available bucket correlates well with independent telemetry indicating a higher-than-expected level of download issues retrieving CRLite filters from Remote Settings; work to improve that is underway.<\/li>\n<li>Certificates Revoked but used actively on the Web PKI are, and should be, rare. This number is in-line with other Firefox Nightly <a href=\"https:\/\/telemetry.mozilla.org\/new-pipeline\/dist.html#!cumulative=0&amp;end_date=2020-01-06&amp;include_spill=0&amp;keys=__none__!__none__!__none__&amp;max_channel_version=nightly%252F74&amp;measure=SSL_CERT_VERIFICATION_ERRORS&amp;min_channel_version=nightly%252F55&amp;processType=*&amp;product=Firefox&amp;sanitize=1&amp;sort_by_value=0&amp;sort_keys=submissions&amp;start_date=2020-01-06&amp;table=0&amp;trim=1&amp;use_submission_date=0\">telemetry for TLS connection results<\/a>.<\/li>\n<\/ul>\n<h3>How Much Faster is CRLite?<\/h3>\n<p>In contrast to OCSP which requires a network round-trip to complete before a web page can load, CRLite needs only to perform a handful of hash calculations and memory or disk lookups. We expected that CRLite would generally outperform OCSP, but to confirm we added measurements and let OCSP and CRLite race each other in Firefox Nightly.<\/p>\n<div id=\"attachment_2551\" style=\"width: 429px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure2-how_often_crlite_faster.png\"><img aria-describedby=\"caption-attachment-2551\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-2551\" src=\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure2-how_often_crlite_faster.png\" alt=\"Show that CRLite is faster than existing technology 99% of the time\" width=\"419\" height=\"452\" srcset=\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure2-how_often_crlite_faster.png 419w, https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure2-how_often_crlite_faster-252x272.png 252w\" sizes=\"(max-width: 419px) 100vw, 419px\" \/><\/a><p id=\"caption-attachment-2551\" class=\"wp-caption-text\">Figure 2: How often is CRLite faster than OCSP? (11 December 2019 to 6 January 2020)<\/p><\/div>\n<p>Over the month of data, CRLite was faster to query than OCSP 98.844% of the time.<\/p>\n<h4>CRLite is Faster 99% of the Time<\/h4>\n<p>The speedup of CRLite versus OCSP was rather stark; 56% of the time, CRLite was over 100 milliseconds faster than OCSP, which is a substantial and perceptible improvement in browsing performance.<\/p>\n<p><div id=\"attachment_2550\" style=\"width: 566px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure3-speedup_vs_ocsp.png\"><img aria-describedby=\"caption-attachment-2550\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-2550\" src=\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure3-speedup_vs_ocsp.png\" alt=\"Distribution of speedups of CRLite\" width=\"556\" height=\"422\" srcset=\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure3-speedup_vs_ocsp.png 556w, https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure3-speedup_vs_ocsp-252x191.png 252w\" sizes=\"(max-width: 556px) 100vw, 556px\" \/><\/a><p id=\"caption-attachment-2550\" class=\"wp-caption-text\">Figure 3: Distribution of occurrences where CRLite outperformed OCSP, which was 99% of CRLite operations. [<a href=\"https:\/\/telemetry.mozilla.org\/new-pipeline\/dist.html#!cumulative=0&amp;end_date=2020-01-06&amp;include_spill=0&amp;keys=__none__!__none__!__none__&amp;max_channel_version=nightly%252F73&amp;measure=CRLITE_FASTER_THAN_OCSP_MS&amp;min_channel_version=nightly%252F55&amp;processType=*&amp;product=Firefox&amp;sanitize=1&amp;sort_by_value=0&amp;sort_keys=submissions&amp;start_date=2019-12-11&amp;table=0&amp;trim=1&amp;use_submission_date=0\">source<\/a>]<\/p><\/div>Almost 10% of the collected data reports showed an entire second of speedup, indicating that the OCSP reached the default timeout. The delay in this figure shows time spent where a Firefox user is waiting for the page to start loading, so this has a substantial impact to perceived quickness in the browser.<\/p>\n<p>To verify that outlier at the timeout, our OCSP telemetry probe shows that over the same period, 9.9% of OCSP queries timed out:<\/p>\n<p><div id=\"attachment_2548\" style=\"width: 455px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure4-ocsp_results.png\"><img aria-describedby=\"caption-attachment-2548\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-2548\" src=\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure4-ocsp_results.png\" alt=\"10% of OCSP queries time out\" width=\"445\" height=\"419\" srcset=\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure4-ocsp_results.png 445w, https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure4-ocsp_results-252x237.png 252w\" sizes=\"(max-width: 445px) 100vw, 445px\" \/><\/a><p id=\"caption-attachment-2548\" class=\"wp-caption-text\">Figure 4: Results of Live OCSP queries in Firefox Nightly [<a href=\"https:\/\/telemetry.mozilla.org\/new-pipeline\/dist.html#!max_channel_version=nightly%252F74&amp;measure=CERT_VALIDATION_HTTP_REQUEST_RESULT&amp;min_channel_version=nightly%252F55&amp;processType=*&amp;product=Firefox\">source<\/a>]<\/p><\/div>Generally speaking, when loading a website where OCSP wasn\u2019t already cached, 10% of the time Firefox users pause for a full second before the site loads, and they don\u2019t even get revocation data in exchange for the wait.<\/p>\n<h4>The 1% When OCSP is Faster<\/h4>\n<p>The 500k times that OCSP was faster than CRLite, it was generally not much faster: 50% of these occasions it was less than 40 milliseconds faster. Only 20% of the occasions found OCSP 100 milliseconds faster.<\/p>\n<p><div id=\"attachment_2549\" style=\"width: 549px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure5-slowdown_versus_ocsp.png\"><img aria-describedby=\"caption-attachment-2549\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-2549\" src=\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure5-slowdown_versus_ocsp.png\" alt=\"Distribution of slowdowns from CRLite\" width=\"539\" height=\"425\" srcset=\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure5-slowdown_versus_ocsp.png 539w, https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure5-slowdown_versus_ocsp-252x199.png 252w\" sizes=\"(max-width: 539px) 100vw, 539px\" \/><\/a><p id=\"caption-attachment-2549\" class=\"wp-caption-text\">Figure 5: Distribution of occurrences where OCSP outperformed CRLite, which was 1% of CRLite operations. [<a href=\"https:\/\/telemetry.mozilla.org\/new-pipeline\/dist.html#!max_channel_version=nightly%252F74&amp;measure=OCSP_FASTER_THAN_CRLITE_MS&amp;min_channel_version=nightly%252F55&amp;processType=*&amp;product=Firefox\">source<\/a>]<\/p><\/div>Interesting as this is, it represents only 1% of CRLite invocations for Firefox Nightly users in this time period. <strong>Almost 99% of CRLite operations were faster, much faster.<\/strong><\/p>\n<h3>Much Faster, More Private, and Still Secure<\/h3>\n<p>Our study confirmed that CRLite will maintain the integrity of our live revocation checking mechanisms while also speeding up TLS connections.<\/p>\n<p>At this point it\u2019s clear that CRLite lets us keep checking certificate revocations in the Web PKI without compromising on speed, and the remaining areas for improvement are on shrinking our update files closer to the ideal described in the original <a href=\"https:\/\/obj.umiacs.umd.edu\/papers_for_stories\/crlite_oakland17.pdf\">CRLite paper<\/a>.<\/p>\n<p>In the upcoming Part 4 of this series, we\u2019ll discuss the architecture of the CRLite back-end infrastructure, the iteration from the initial research prototype, and interesting challenges of working in a \u201cbig data\u201d context for the Web PKI.<\/p>\n<p>In Part 5 of this series, we will discuss what we\u2019re doing to make CRLite as robust and as safe as possible.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CRLite pushes bulk certificate revocation information to Firefox users, reducing the need to actively query such information one by one. Additionally this new technology eliminates the privacy leak that individual &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/\">Read more<\/a><\/p>\n","protected":false},"author":1349,"featured_media":2550,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[320796,69,45499],"tags":[327150,327155,907,45499],"coauthors":[45540],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>CRLite: Speeding Up Secure Browsing - Mozilla Security Blog<\/title>\n<meta name=\"description\" content=\"Firefox&#039;s CRLite technology speeds up secure browsing on the web while also improving privacy and security for Firefox users.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"J.C. Jones\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/\",\"name\":\"CRLite: Speeding Up Secure Browsing - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure3-speedup_vs_ocsp.png\",\"datePublished\":\"2020-01-21T15:51:21+00:00\",\"dateModified\":\"2020-01-21T16:55:31+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/f2bfcea9a0c404ce2431925922bedbde\"},\"description\":\"Firefox's CRLite technology speeds up secure browsing on the web while also improving privacy and security for Firefox users.\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure3-speedup_vs_ocsp.png\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure3-speedup_vs_ocsp.png\",\"width\":556,\"height\":422,\"caption\":\"Figure 3: Distribution of occurrences where CRLite outperformed OCSP, which was 99% of CRLite operations. [source]\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CRLite: Speeding Up Secure Browsing\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/f2bfcea9a0c404ce2431925922bedbde\",\"name\":\"J.C. Jones\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/d063fc46e7671301c178b2781210dff7\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/64eb1412c9354cf356df31936368cdac?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/64eb1412c9354cf356df31936368cdac?s=96&d=identicon&r=g\",\"caption\":\"J.C. Jones\"},\"description\":\"Keeping people safe on the 'net. Cryptography Engineering lead for Firefox.\",\"sameAs\":[\"https:\/\/tacticalsecret.com\/\",\"https:\/\/x.com\/JamesPugJones\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CRLite: Speeding Up Secure Browsing - Mozilla Security Blog","description":"Firefox's CRLite technology speeds up secure browsing on the web while also improving privacy and security for Firefox users.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/","twitter_misc":{"Written by":"J.C. Jones","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/","url":"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/","name":"CRLite: Speeding Up Secure Browsing - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure3-speedup_vs_ocsp.png","datePublished":"2020-01-21T15:51:21+00:00","dateModified":"2020-01-21T16:55:31+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/f2bfcea9a0c404ce2431925922bedbde"},"description":"Firefox's CRLite technology speeds up secure browsing on the web while also improving privacy and security for Firefox users.","breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/#primaryimage","url":"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure3-speedup_vs_ocsp.png","contentUrl":"https:\/\/blog.mozilla.org\/security\/files\/2020\/01\/figure3-speedup_vs_ocsp.png","width":556,"height":422,"caption":"Figure 3: Distribution of occurrences where CRLite outperformed OCSP, which was 99% of CRLite operations. [source]"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2020\/01\/21\/crlite-part-3-speeding-up-secure-browsing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"CRLite: Speeding Up Secure Browsing"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/f2bfcea9a0c404ce2431925922bedbde","name":"J.C. Jones","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/d063fc46e7671301c178b2781210dff7","url":"https:\/\/secure.gravatar.com\/avatar\/64eb1412c9354cf356df31936368cdac?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/64eb1412c9354cf356df31936368cdac?s=96&d=identicon&r=g","caption":"J.C. Jones"},"description":"Keeping people safe on the 'net. Cryptography Engineering lead for Firefox.","sameAs":["https:\/\/tacticalsecret.com\/","https:\/\/x.com\/JamesPugJones"]}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2547"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/1349"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=2547"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2547\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media\/2550"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=2547"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=2547"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=2547"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=2547"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}