On Tue, Oct 15, 2013 at 8:44 AM, Kai Engert <ka...@kuix.de> wrote:
> This is the classic security vs. performance discussion.
>
> As soon as you decide to timeout the connection (and give up on the
> optional check),

for better or for worse Firefox is already making that tradeoff - at a 10s
threshold. No matter the threshold some tail events are going to give up
the check because of it - the question here is what amount of latency and
what size of tail is acceptable. What has changed is that

1] we have measurements that show such a large timeout isn't necessary for
most of the population to garner whatever benefit soft-fail gives
2] we have measurements that show a large number of connections hitting
this timeout, so its value is relevant

A timeout of 5 seconds exposes about 1% of our currently successful queries
(across all platforms) to this. 4 seconds pushes that to almost 2%, and the
proposed 3 seconds about 5%. I think 3 seconds is acceptable, while 4 might
actually be a sweet spot that I could also get behind at this point. Any
more than that is, imo, too much pain for too little benefit.

In return we go from a completely unusable experience (10 seconds) to a slow
but perhaps usable one.

-P

[as an aside, I prefer our telemetry data here over the server-to-server
data from places like Netcraft just because we know it reflects the quirks
of the Firefox userbase, actual OCSP results, and our own current use of
POST vs GET, etc.]
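
The trade-off weighed in this message, as an added example (not part of the original post and not Firefox telemetry code): latency telemetry is bucketed, so the share of currently successful OCSP fetches that a shorter soft-fail timeout would abandon can only be bounded when the threshold falls inside a bucket. The histogram, its bucket edges and the function name are constructed for illustration.

```python
# Constructed sample, NOT real telemetry: (bucket lower edge in ms, number of
# OCSP fetches that completed successfully with a latency in that bucket).
# Each bucket covers [edge, next edge); the last bucket is open-ended.
SAMPLE_HISTOGRAM = [
    (0, 4200), (250, 3100), (500, 1400), (1000, 700), (2000, 300),
    (3500, 150), (4500, 90), (6000, 40), (8000, 20),
]


def exposure_bounds(histogram, timeout_ms):
    """Bound the fraction of successful fetches a timeout would cut off.

    Under soft-fail, a fetch that has not answered by timeout_ms is abandoned
    and the revocation check is skipped. Returns (low, high): buckets entirely
    at or above the timeout count in both bounds, while a bucket that
    straddles the timeout counts only in the high bound, because the
    histogram does not say where inside the bucket its samples fall.
    """
    if not histogram:
        raise ValueError("empty histogram")
    buckets = sorted(histogram)
    total = sum(count for _, count in buckets)
    if total == 0:
        raise ValueError("histogram has no samples")

    certain = straddling = 0
    for i, (low_edge, count) in enumerate(buckets):
        last = i + 1 == len(buckets)
        high_edge = float("inf") if last else buckets[i + 1][0]
        if low_edge >= timeout_ms:
            certain += count        # every sample here is past the timeout
        elif high_edge > timeout_ms:
            straddling += count     # timeout falls inside this bucket
    return certain / total, (certain + straddling) / total


if __name__ == "__main__":
    for timeout in (10000, 5000, 4000, 3000):
        low, high = exposure_bounds(SAMPLE_HISTOGRAM, timeout)
        print(f"{timeout:>5} ms: {low:.1%} to {high:.1%} of successful "
              "fetches would skip the check")
```

When the candidate timeout does not line up with a bucket edge, the gap between the two bounds shows how much of the quoted percentage depends on bucket resolution rather than on measured behaviour.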