namecoin: Namecoin TLS for Firefox: Phase 6 (Negative Override Cache in C++, WebExtension Aggregation, and Coordination with Mozilla)


In Phase 5 of Namecoin TLS for Firefox, I discussed the performance benefits of moving the positive override cache from JavaScript to C++. I’ve now implemented preliminary work on doing the same for negative overrides.

The code changes for negative overrides’ C++ cache are analogous to those for positive overrides, so there’s not much to cover in this post about those changes. However, I did take the chance to refactor the API between the C++ code and the JavaScript code a bit. Previously, only 1 WebExtension was able to perform overrides; if multiple WebExtensions registered for the API, whichever replied first would be the only one that had any effect. Now, each WebExtension replies separately to the Experiment, and the Experiment passes those replies on to the C++ code. The Experiment also notifies the C++ code when all of the WebExtensions have replied. Although this does add some extra API overhead, it has the benefit of allowing an override to take place immediately if a single WebExtension has determined that it should take place, even if the other (irrelevant) WebExtensions are still evaluating the certificate.

Unfortunately, at this point I merged upstream changes from Mozilla into my Mercurial repository, only to find that there was now a compile error. I’m still figuring out exactly why this compile error is happening. It looks like it’s unrelated to any of the files that my patch touches; I suspect that it’s due to my general lack of competence with Mercurial (Mozilla’s codebase is the first time I’ve used Mercurial) or my similar general lack of competence with Mozilla’s build system.

So, until I actually get the code to build, I won’t be able to do performance evaluations of these changes. Hence why there are no pretty graphs in this post.

Meanwhile, I reached out to Mozilla to get some feedback on the general approach I was taking. (I had previously discussed high-level details with Mozilla, but this time I provided a WIP code patch, so that it would be easier to evaluate whether I was doing anything with the code that would be problematic.) This resulted in a discussion about what methods should be used to prevent malicious or buggy extensions from causing unexpected damage to user security. This is definitely a legitimate concern: messing with certificate verification is dangerous when done improperly, and it’s important that users understand what they’re getting when they install a WebExtension that might put them at risk. That discussion is still ongoing, and it’s not clear yet what the consensus will arrive at.

(It should be noted that there are some alternative approaches to Firefox support for Namecoin TLS underway as well, which will be covered in a future post.)

This work was funded by NLnet Foundation’s Internet Hardening Fund.

Original article was created by: namecoin at

Disclaimer: This article should not be taken as, and is not intended to provide, investment advice. Please conduct your own thorough research before investing in any cryptocurrency or ICO.

Interested in Cryptocurrencies and ICO's?

Follow our telegram channel for daily cryptomarket reports!

Join @cointrends

Related Articles

pubDate Newsline
6 hours ago Japan Roundup: Public Companies Unveil New Mining Plan, Exchange, Token Fund
10 hours ago Three Hackers Held in China Over $87 million Crypto Theft

Stay on top of Altcoins and ICO trends.

Subscribe to our free Weekly Cryptomarket report

Delivered once a week, strongly to your inbox.

Subscribe to our mailing list
August 14, 2018

ncdns NSIS Installer UX: Detection of Visual C++ 2010 Redistributable Package

If you’ve used ConsensusJ-Namecoin (our lightweight SPV name lookup client), you’ve probably noticed that we instruct users (on the Download page) to install the Microsoft Visual C++ 2010 Redistributable Package. Failing to do this will result in the LevelDB library failing to load, which...

From: NameCoin
August 13, 2018

cross_sign_name_constraint_tool Drops Support for Go v1.9.x; Users Who Self-Built It With Go v1.9.x Should Update Immediately

cross_sign_name_constraint_tool, as you may remember, is a Namecoin-developed tool that applies name constraints to a certificate authority, without requiring any permission from that CA. It can be used to prevent malicious CA’s from issuing certificates for Namecoin domain names, even if...

From: NameCoin
August 06, 2018

Electrum-NMC: Name Script Deserialization

I previously wrote about making ElectrumX (the server) handle name scripts. Now that that’s out of the way, the next step is making Electrum-NMC (the client) handle name scripts as well. I now have Electrum-NMC deserializing name scripts. Most of the details of this work are fairly mundane...

From: NameCoin
July 23, 2018

Namecoin's Jeremy Rand will be at Decentralized Web Summit 2018

Namecoin developer Jeremy Rand will attend Decentralized Web Summit 2018 in San Francisco, July 31 - August 2, hosted by the Internet Archive. Namecoin will be at the Science Fair and will give a Lightning Talk (schedule TBA). We’re also open to meetups and hacking sessions independent of...

From: NameCoin
July 15, 2018

ElectrumX: Name Scripts

ElectrumX is the server component of Electrum. Unlike the client component, which requires forking to enable altcoins, ElectrumX has altcoin support by default, including Namecoin [1]. ElectrumX already supports the AuxPoW features of Namecoin (which is why only Electrum-NMC needed...

From: NameCoin
July 12, 2018

Electrum-NMC v3.2.2 Released

We’ve released Electrum-NMC v3.2.2. Here’s what’s new: Trezor support. Support AuxPoW and timewarp hardforks. (AuxPoW is still experimental, but it does successfully sync now.) Fix running the GNU/Linux release without installing first. Improvements from upstream...

From: NameCoin
Upcoming ICO's
This week overview
Token Name Starts
RoBust Defense Token (RBDT) logo RoBust Defense Token (RBDT) Today
Rubius (RUBY) logo Rubius (RUBY) 1 days
Cryptocurrency rates
*Last hour average price&change
Coin Name Price Hour
Bitcoin logo BTC $6468.49412791 -0.16%
Ethereum logo ETH $293.313827029 -2.02%
Ripple logo XRP $0.3380953433 -1.22%
Bitcoin Cash logo BCH $549.233714833 -1.88%
EOS logo EOS $5.1190619127 -1.76%
Stellar logo XLM $0.2281080622 -0.39%
Litecoin logo LTC $55.8145420782 -2.29%
Tether logo USDT $1.0027838193 0.03%
Cardano logo ADA $0.0996025332 -1.22%
Monero logo XMR $98.0806894828 -0.12%
Tronix logo TRX $0.0219889661 -0.85%
IOTA logo IOT $0.5181363936 -1.44%