Backed out 4 changesets (bug 1266235) for browser_aboutCertError.js failures.
authorRyan VanderMeulen <ryanvm@gmail.com>
Fri, 13 May 2016 16:31:24 -0400
changeset 336455 aa14a4a7c5dffa1871264f84c58ebdcd533b6f1c
parent 336454 94c6caa3870600e0d4af9dbb3987b90f79bf966f
child 336456 edcd8d596806c757423acc2573c9047c569fb4f8
push id6249
push userjlund@mozilla.com
push dateMon, 01 Aug 2016 13:59:36 +0000
treeherdermozilla-beta@bad9d4f5bf7e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1266235
milestone49.0a1
backs out085a53f65ff321220eab2d691b970dd247917a81
90ef5dbbb7c446161e30baa393b78a51ed1e6413
04cd17b0025ca57113db36305b91a6f690081bde
c25b2f3a7ce9a4bad205773723ef8244c0043e23
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out 4 changesets (bug 1266235) for browser_aboutCertError.js failures. Backed out changeset 085a53f65ff3 (bug 1266235) Backed out changeset 90ef5dbbb7c4 (bug 1266235) Backed out changeset 04cd17b0025c (bug 1266235) Backed out changeset c25b2f3a7ce9 (bug 1266235)
addon-sdk/source/test/preferences/no-connections.json
b2g/app/b2g.js
browser/app/profile/firefox.js
browser/base/content/content.js
mobile/android/app/mobile.js
modules/libpref/init/all.js
security/manager/ssl/CertBlocklist.cpp
security/manager/ssl/tests/unit/test_cert_blocklist.js
security/manager/ssl/tests/unit/test_ev_certs.js
services/common/KintoBlocklist.js
services/common/blocklist-clients.js
services/common/blocklist-updater.js
services/common/kinto-updater.js
services/common/moz.build
services/common/tests/unit/test_blocklist_certificates.js
services/common/tests/unit/test_blocklist_clients.js
services/common/tests/unit/test_blocklist_updater.js
services/common/tests/unit/test_kintoAddonPluginBlocklist.js
services/common/tests/unit/test_kintoCertBlocklist.js
services/common/tests/unit/test_kinto_updater.js
services/common/tests/unit/xpcshell.ini
testing/profiles/prefs_general.js
toolkit/mozapps/extensions/nsBlocklistService.js
toolkit/mozapps/extensions/test/xpcshell/head_addons.js
toolkit/mozapps/extensions/test/xpcshell/test_blocklist_regexp.js
--- a/addon-sdk/source/test/preferences/no-connections.json
+++ b/addon-sdk/source/test/preferences/no-connections.json
@@ -23,17 +23,17 @@
   "browser.safebrowsing.provider.mozilla.updateURL": "http://localhost/safebrowsing-dummy/update",
   "browser.newtabpage.directory.source": "data:application/json,{'jetpack':1}",
   "browser.newtabpage.directory.ping": "",
   "extensions.update.url": "http://localhost/extensions-dummy/updateURL",
   "extensions.update.background.url": "http://localhost/extensions-dummy/updateBackgroundURL",
   "extensions.blocklist.url": "http://localhost/extensions-dummy/blocklistURL",
   "extensions.webservice.discoverURL": "http://localhost/extensions-dummy/discoveryURL",
   "extensions.getAddons.maxResults": 0,
-  "services.blocklist.base": "http://localhost/dummy-kinto/v1",
+  "services.kinto.base": "http://localhost/dummy-kinto/v1",
   "geo.wifi.uri": "http://localhost/location-dummy/locationURL",
   "browser.search.geoip.url": "http://localhost/location-dummy/locationURL",
   "browser.search.isUS": true,
   "browser.search.countryCode": "US",
   "geo.wifi.uri": "http://localhost/extensions-dummy/geowifiURL",
   "geo.wifi.scan": false,
   "browser.webapps.checkForUpdates": 0,
   "identity.fxaccounts.auth.uri": "http://localhost/fxa-dummy/"
--- a/b2g/app/b2g.js
+++ b/b2g/app/b2g.js
@@ -1082,13 +1082,18 @@ pref("dom.presentation.device.name", "Fi
 
 // Enable notification of performance timing
 pref("dom.performance.enable_notify_performance_timing", true);
 
 // Multi-screen
 pref("b2g.multiscreen.chrome_remote_url", "chrome://b2g/content/shell_remote.html");
 pref("b2g.multiscreen.system_remote_url", "index_remote.html");
 
+// Blocklist service
+pref("extensions.blocklist.enabled", true);
+pref("extensions.blocklist.interval", 86400);
+pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/");
+pref("extensions.blocklist.detailsURL", "https://www.mozilla.com/%LOCALE%/blocklist/");
 
 // Because we can't have nice things.
 #ifdef MOZ_GRAPHENE
 #include ../graphene/graphene.js
 #endif
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -45,16 +45,48 @@ pref("extensions.getAddons.maxResults", 
 pref("extensions.getAddons.get.url", "https://services.addons.mozilla.org/%LOCALE%/firefox/api/%API_VERSION%/search/guid:%IDS%?src=firefox&appOS=%OS%&appVersion=%VERSION%");
 pref("extensions.getAddons.getWithPerformance.url", "https://services.addons.mozilla.org/%LOCALE%/firefox/api/%API_VERSION%/search/guid:%IDS%?src=firefox&appOS=%OS%&appVersion=%VERSION%&tMain=%TIME_MAIN%&tFirstPaint=%TIME_FIRST_PAINT%&tSessionRestored=%TIME_SESSION_RESTORED%");
 pref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%");
 pref("extensions.getAddons.search.url", "https://services.addons.mozilla.org/%LOCALE%/firefox/api/%API_VERSION%/search/%TERMS%/all/%MAX_RESULTS%/%OS%/%VERSION%/%COMPATIBILITY_MODE%?src=firefox");
 pref("extensions.webservice.discoverURL", "https://discovery.addons.mozilla.org/%LOCALE%/firefox/discovery/pane/%VERSION%/%OS%/%COMPATIBILITY_MODE%");
 pref("extensions.getAddons.recommended.url", "https://services.addons.mozilla.org/%LOCALE%/%APP%/api/%API_VERSION%/list/recommended/all/%MAX_RESULTS%/%OS%/%VERSION%?src=firefox");
 pref("extensions.getAddons.link.url", "https://addons.mozilla.org/%LOCALE%/firefox/");
 
+// Blocklist preferences
+pref("extensions.blocklist.enabled", true);
+// OneCRL freshness checking depends on this value, so if you change it,
+// please also update security.onecrl.maximum_staleness_in_seconds.
+pref("extensions.blocklist.interval", 86400);
+// Controls what level the blocklist switches from warning about items to forcibly
+// blocking them.
+pref("extensions.blocklist.level", 2);
+pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/");
+pref("extensions.blocklist.detailsURL", "https://www.mozilla.org/%LOCALE%/blocklist/");
+pref("extensions.blocklist.itemURL", "https://blocklist.addons.mozilla.org/%LOCALE%/%APP%/blocked/%blockID%");
+
+// Kinto blocklist preferences
+pref("services.kinto.base", "https://firefox.settings.services.mozilla.com/v1");
+pref("services.kinto.changes.path", "/buckets/monitor/collections/changes/records");
+pref("services.kinto.bucket", "blocklists");
+pref("services.kinto.onecrl.collection", "certificates");
+pref("services.kinto.onecrl.checked", 0);
+pref("services.kinto.addons.collection", "addons");
+pref("services.kinto.addons.checked", 0);
+pref("services.kinto.plugins.collection", "plugins");
+pref("services.kinto.plugins.checked", 0);
+pref("services.kinto.gfx.collection", "gfx");
+pref("services.kinto.gfx.checked", 0);
+
+// for now, let's keep kinto update out of the release channel
+#ifdef RELEASE_BUILD
+pref("services.kinto.update_enabled", false);
+#else
+pref("services.kinto.update_enabled", true);
+#endif
+
 pref("extensions.update.autoUpdateDefault", true);
 
 pref("extensions.hotfix.id", "firefox-hotfix@mozilla.org");
 pref("extensions.hotfix.cert.checkAttributes", true);
 pref("extensions.hotfix.certs.1.sha1Fingerprint", "91:53:98:0C:C1:86:DF:47:8F:35:22:9E:11:C9:A7:31:04:49:A1:AA");
 pref("extensions.hotfix.certs.2.sha1Fingerprint", "39:E7:2B:7A:5B:CF:37:78:F9:5D:4A:E0:53:2D:2F:3D:68:53:C5:60");
 
 // Check AUS for system add-on updates.
@@ -1181,16 +1213,19 @@ pref("security.mixed_content.block_activ
 pref("security.insecure_password.ui.enabled", true);
 #else
 pref("security.insecure_password.ui.enabled", false);
 #endif
 
 // 1 = allow MITM for certificate pinning checks.
 pref("security.cert_pinning.enforcement_level", 1);
 
+// Required blocklist freshness for OneCRL OCSP bypass
+// (default is 1.25x extensions.blocklist.interval, or 30 hours)
+pref("security.onecrl.maximum_staleness_in_seconds", 108000);
 
 // Override the Gecko-default value of false for Firefox.
 pref("plain_text.wrap_long_lines", true);
 
 // If this turns true, Moz*Gesture events are not called stopPropagation()
 // before content.
 pref("dom.debug.propagate_gesture_events_through_content", false);
 
--- a/browser/base/content/content.js
+++ b/browser/base/content/content.js
@@ -226,17 +226,17 @@ const MOZILLA_PKIX_ERROR_BASE = Ci.nsINS
 
 const SEC_ERROR_EXPIRED_CERTIFICATE                = SEC_ERROR_BASE + 11;
 const SEC_ERROR_UNKNOWN_ISSUER                     = SEC_ERROR_BASE + 13;
 const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE         = SEC_ERROR_BASE + 30;
 const SEC_ERROR_OCSP_FUTURE_RESPONSE               = SEC_ERROR_BASE + 131;
 const SEC_ERROR_OCSP_OLD_RESPONSE                  = SEC_ERROR_BASE + 132;
 const MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE = MOZILLA_PKIX_ERROR_BASE + 5;
 
-const PREF_BLOCKLIST_CLOCK_SKEW_SECONDS = "services.blocklist.clock_skew_seconds";
+const PREF_KINTO_CLOCK_SKEW_SECONDS = "services.kinto.clock_skew_seconds";
 
 const PREF_SSL_IMPACT_ROOTS = ["security.tls.version.min", "security.tls.version.max", "security.ssl3."];
 
 const PREF_SSL_IMPACT = PREF_SSL_IMPACT_ROOTS.reduce((prefs, root) => {
   return prefs.concat(Services.prefs.getChildList(root));
 }, []);
 
 
@@ -282,19 +282,19 @@ var AboutNetAndCertErrorListener = {
       // in case the certificate expired we make sure the system clock
       // matches kinto server time
       case SEC_ERROR_EXPIRED_CERTIFICATE:
       case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
       case SEC_ERROR_OCSP_FUTURE_RESPONSE:
       case SEC_ERROR_OCSP_OLD_RESPONSE:
       case MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE:
 
-        // use blocklist stats if available
-        if (Services.prefs.getPrefType(PREF_BLOCKLIST_CLOCK_SKEW_SECONDS)) {
-          let difference = Services.prefs.getIntPref(PREF_BLOCKLIST_CLOCK_SKEW_SECONDS);
+        // use Kinto stats if available
+        if (Services.prefs.getPrefType(PREF_KINTO_CLOCK_SKEW_SECONDS)) {
+          let difference = Services.prefs.getIntPref(PREF_KINTO_CLOCK_SKEW_SECONDS);
 
           // if the difference is more than a day
           if (Math.abs(difference) > 60 * 60 * 24) {
             let formatter = new Intl.DateTimeFormat();
             let systemDate = formatter.format(new Date());
             // negative difference means local time is behind server time
             let actualDate = formatter.format(new Date(Date.now() - difference * 1000));
 
--- a/mobile/android/app/mobile.js
+++ b/mobile/android/app/mobile.js
@@ -231,16 +231,45 @@ pref("extensions.getAddons.search.url", 
 pref("extensions.getAddons.browseAddons", "https://addons.mozilla.org/%LOCALE%/android/");
 pref("extensions.getAddons.get.url", "https://services.addons.mozilla.org/%LOCALE%/android/api/%API_VERSION%/search/guid:%IDS%?src=mobile&appOS=%OS%&appVersion=%VERSION%");
 pref("extensions.getAddons.getWithPerformance.url", "https://services.addons.mozilla.org/%LOCALE%/android/api/%API_VERSION%/search/guid:%IDS%?src=mobile&appOS=%OS%&appVersion=%VERSION%&tMain=%TIME_MAIN%&tFirstPaint=%TIME_FIRST_PAINT%&tSessionRestored=%TIME_SESSION_RESTORED%");
 
 /* preference for the locale picker */
 pref("extensions.getLocales.get.url", "");
 pref("extensions.compatability.locales.buildid", "0");
 
+/* blocklist preferences */
+pref("extensions.blocklist.enabled", true);
+// OneCRL freshness checking depends on this value, so if you change it,
+// please also update security.onecrl.maximum_staleness_in_seconds.
+pref("extensions.blocklist.interval", 86400);
+pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/");
+pref("extensions.blocklist.detailsURL", "https://www.mozilla.com/%LOCALE%/blocklist/");
+
+// Kinto blocklist preferences
+pref("services.kinto.base", "https://firefox.settings.services.mozilla.com/v1");
+pref("services.kinto.changes.path", "/buckets/monitor/collections/changes/records");
+pref("services.kinto.bucket", "blocklists");
+pref("services.kinto.onecrl.collection", "certificates");
+pref("services.kinto.onecrl.checked", 0);
+pref("services.kinto.addons.collection", "addons");
+pref("services.kinto.addons.checked", 0);
+pref("services.kinto.plugins.collection", "plugins");
+pref("services.kinto.plugins.checked", 0);
+pref("services.kinto.gfx.collection", "gfx");
+pref("services.kinto.gfx.checked", 0);
+
+// for now, let's keep kinto update out of the release channel (pending
+// collection signatures)
+#ifdef RELEASE_BUILD
+pref("services.kinto.update_enabled", false);
+#else
+pref("services.kinto.update_enabled", true);
+#endif
+
 /* Don't let XPIProvider install distribution add-ons; we do our own thing on mobile. */
 pref("extensions.installDistroAddons", false);
 
 // Add-on content security policies.
 pref("extensions.webextensions.base-content-security-policy", "script-src 'self' https://* moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; object-src 'self' https://* moz-extension: blob: filesystem:;");
 pref("extensions.webextensions.default-content-security-policy", "script-src 'self'; object-src 'self';");
 
 /* block popups by default, and notify the user about blocked popups */
@@ -495,16 +524,20 @@ pref("security.alternate_certificate_err
 pref("security.warn_viewing_mixed", false); // Warning is disabled.  See Bug 616712.
 
 // Block insecure active content on https pages
 pref("security.mixed_content.block_active_content", true);
 
 // Enable pinning
 pref("security.cert_pinning.enforcement_level", 1);
 
+// Required blocklist freshness for OneCRL OCSP bypass
+// (default is 1.25x extensions.blocklist.interval, or 30 hours)
+pref("security.onecrl.maximum_staleness_in_seconds", 108000);
+
 // Only fetch OCSP for EV certificates
 pref("security.OCSP.enabled", 2);
 
 // Override some named colors to avoid inverse OS themes
 pref("ui.-moz-dialog", "#efebe7");
 pref("ui.-moz-dialogtext", "#101010");
 pref("ui.-moz-field", "#fff");
 pref("ui.-moz-fieldtext", "#1a1a1a");
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -2066,51 +2066,19 @@ pref("security.cert_pinning.enforcement_
 // This is to prevent accidental pinning from MITM devices and is used
 // for tests.
 pref("security.cert_pinning.process_headers_from_non_builtin_roots", false);
 
 // If set to true, allow view-source URIs to be opened from URIs that share
 // their protocol with the inner URI of the view-source URI
 pref("security.view-source.reachable-from-inner-protocol", false);
 
-// Services security settings
-pref("services.settings.server", "https://firefox.settings.services.mozilla.com/v1");
-
-// Blocklist preferences
-pref("extensions.blocklist.enabled", true);
-// OneCRL freshness checking depends on this value, so if you change it,
-// please also update security.onecrl.maximum_staleness_in_seconds.
-pref("extensions.blocklist.interval", 86400);
-// Required blocklist freshness for OneCRL OCSP bypass
-// (default is 1.25x extensions.blocklist.interval, or 30 hours)
-pref("security.onecrl.maximum_staleness_in_seconds", 108000);
-pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/");
-pref("extensions.blocklist.detailsURL", "https://www.mozilla.com/%LOCALE%/blocklist/");
-pref("extensions.blocklist.itemURL", "https://blocklist.addons.mozilla.org/%LOCALE%/%APP%/blocked/%blockID%");
-// Controls what level the blocklist switches from warning about items to forcibly
-// blocking them.
-pref("extensions.blocklist.level", 2);
-// Blocklist via settings server (Kinto)
-pref("services.blocklist.changes.path", "/buckets/monitor/collections/changes/records");
-pref("services.blocklist.bucket", "blocklists");
-pref("services.blocklist.onecrl.collection", "certificates");
-pref("services.blocklist.onecrl.checked", 0);
-pref("services.blocklist.addons.collection", "addons");
-pref("services.blocklist.addons.checked", 0);
-pref("services.blocklist.plugins.collection", "plugins");
-pref("services.blocklist.plugins.checked", 0);
-pref("services.blocklist.gfx.collection", "gfx");
-pref("services.blocklist.gfx.checked", 0);
-
-// For now, let's keep settings server update out of the release builds
 #ifdef RELEASE_BUILD
-pref("services.blocklist.update_enabled", false);
 pref("security.onecrl.via.amo", true);
 #else
-pref("services.blocklist.update_enabled", true);
 pref("security.onecrl.via.amo", false);
 #endif
 
 
 // Modifier key prefs: default to Windows settings,
 // menu access key = alt, accelerator key = control.
 // Use 17 for Ctrl, 18 for Alt, 224 for Meta, 91 for Win, 0 for none. Mac settings in macprefs.js
 pref("ui.key.accelKey", 17);
--- a/security/manager/ssl/CertBlocklist.cpp
+++ b/security/manager/ssl/CertBlocklist.cpp
@@ -25,17 +25,17 @@
 #include "prtime.h"
 
 NS_IMPL_ISUPPORTS(CertBlocklist, nsICertBlocklist)
 
 using namespace mozilla;
 using namespace mozilla::pkix;
 
 #define PREF_BACKGROUND_UPDATE_TIMER "app.update.lastUpdateTime.blocklist-background-update-timer"
-#define PREF_BLOCKLIST_ONECRL_CHECKED "services.blocklist.onecrl.checked"
+#define PREF_KINTO_ONECRL_CHECKED "services.kinto.onecrl.checked"
 #define PREF_MAX_STALENESS_IN_SECONDS "security.onecrl.maximum_staleness_in_seconds"
 #define PREF_ONECRL_VIA_AMO "security.onecrl.via.amo"
 
 static LazyLogModule gCertBlockPRLog("CertBlock");
 
 uint32_t CertBlocklist::sLastBlocklistUpdate = 0U;
 uint32_t CertBlocklist::sLastKintoUpdate = 0U;
 uint32_t CertBlocklist::sMaxStaleness = 0U;
@@ -139,17 +139,17 @@ CertBlocklist::~CertBlocklist()
                                   this);
   Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged,
                                   PREF_MAX_STALENESS_IN_SECONDS,
                                   this);
   Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged,
                                   PREF_ONECRL_VIA_AMO,
                                   this);
   Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged,
-                                  PREF_BLOCKLIST_ONECRL_CHECKED,
+                                  PREF_KINTO_ONECRL_CHECKED,
                                   this);
 }
 
 nsresult
 CertBlocklist::Init()
 {
   MOZ_LOG(gCertBlockPRLog, LogLevel::Debug, ("CertBlocklist::Init"));
 
@@ -176,17 +176,17 @@ CertBlocklist::Init()
   }
   rv = Preferences::RegisterCallbackAndCall(CertBlocklist::PreferenceChanged,
                                             PREF_ONECRL_VIA_AMO,
                                             this);
   if (NS_FAILED(rv)) {
     return rv;
   }
   rv = Preferences::RegisterCallbackAndCall(CertBlocklist::PreferenceChanged,
-                                            PREF_BLOCKLIST_ONECRL_CHECKED,
+                                            PREF_KINTO_ONECRL_CHECKED,
                                             this);
   if (NS_FAILED(rv)) {
     return rv;
   }
 
   // Get the profile directory
   rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
                               getter_AddRefs(mBackingFile));
@@ -653,18 +653,18 @@ CertBlocklist::PreferenceChanged(const c
   CertBlocklist* blocklist = reinterpret_cast<CertBlocklist*>(aClosure);
   MutexAutoLock lock(blocklist->mMutex);
 
   MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
          ("CertBlocklist::PreferenceChanged %s changed", aPref));
   if (strcmp(aPref, PREF_BACKGROUND_UPDATE_TIMER) == 0) {
     sLastBlocklistUpdate = Preferences::GetUint(PREF_BACKGROUND_UPDATE_TIMER,
                                                 uint32_t(0));
-  } else if (strcmp(aPref, PREF_BLOCKLIST_ONECRL_CHECKED) == 0) {
-    sLastKintoUpdate = Preferences::GetUint(PREF_BLOCKLIST_ONECRL_CHECKED,
+  } else if (strcmp(aPref, PREF_KINTO_ONECRL_CHECKED) == 0) {
+    sLastKintoUpdate = Preferences::GetUint(PREF_KINTO_ONECRL_CHECKED,
                                             uint32_t(0));
   } else if (strcmp(aPref, PREF_MAX_STALENESS_IN_SECONDS) == 0) {
     sMaxStaleness = Preferences::GetUint(PREF_MAX_STALENESS_IN_SECONDS,
                                          uint32_t(0));
   } else if (strcmp(aPref, PREF_ONECRL_VIA_AMO) == 0) {
     sUseAMO = Preferences::GetBool(PREF_ONECRL_VIA_AMO, true);
   }
 }
--- a/security/manager/ssl/tests/unit/test_cert_blocklist.js
+++ b/security/manager/ssl/tests/unit/test_cert_blocklist.js
@@ -42,17 +42,17 @@ stream.init(blockFile,
   FileUtils.PERMS_FILE, 0);
 
 var data = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
            "<blocklist xmlns=\"http://www.mozilla.org/2006/addons-blocklist\">\n" +
            "</blocklist>\n";
 stream.write(data, data.length);
 stream.close();
 
-const PREF_BLOCKLIST_UPDATE_ENABLED = "services.blocklist.update_enabled";
+const PREF_KINTO_UPDATE_ENABLED = "services.kinto.update_enabled";
 const PREF_ONECRL_VIA_AMO = "security.onecrl.via.amo";
 
 var revocations = profile.clone();
 revocations.append("revocations.txt");
 if (!revocations.exists()) {
   let existing = do_get_file("test_onecrl/sample_revocations.txt", false);
   existing.copyTo(profile, "revocations.txt");
 }
@@ -220,17 +220,17 @@ function run_test() {
                  " BVio/iQ21GCi2iUven8oJ/gae74=\n" +
                  "MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0E=\n" +
                  " exJUIJpq50jgqOwQluhVrAzTF74=\n" +
                  "YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy\n" +
                  " YW5vdGhlciBzZXJpYWwu\n" +
                  " c2VyaWFsMi4=";
 
   // This test assumes OneCRL updates via AMO
-  Services.prefs.setBoolPref(PREF_BLOCKLIST_UPDATE_ENABLED, false);
+  Services.prefs.setBoolPref(PREF_KINTO_UPDATE_ENABLED, false);
   Services.prefs.setBoolPref(PREF_ONECRL_VIA_AMO, true);
 
   add_test(function () {
     // check some existing items in revocations.txt are blocked. Since the
     // CertBlocklistItems don't know about the data they contain, we can use
     // arbitrary data (not necessarily DER) to test if items are revoked or not.
     // This test corresponds to:
     // issuer: c29tZSBpbWFnaW5hcnkgaXNzdWVy
--- a/security/manager/ssl/tests/unit/test_ev_certs.js
+++ b/security/manager/ssl/tests/unit/test_ev_certs.js
@@ -144,17 +144,17 @@ function run_test() {
     check_no_ocsp_requests("no-ocsp-url-cert", SEC_ERROR_POLICY_VALIDATION_FAILED);
   });
 
   // Check OneCRL OCSP request skipping works correctly
   add_test(function () {
     // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
     Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", 108000);
     // set the blocklist-background-update-timer value to the recent past
-    Services.prefs.setIntPref("services.blocklist.onecrl.checked",
+    Services.prefs.setIntPref("services.kinto.onecrl.checked",
                               Math.floor(Date.now() / 1000) - 1);
     Services.prefs.setIntPref("app.update.lastUpdateTime.blocklist-background-update-timer",
                               Math.floor(Date.now() / 1000) - 1);
     clearOCSPCache();
     // the intermediate should not have an associated OCSP request
     let ocspResponder = start_ocsp_responder(["ev-valid"]);
     check_ee_for_ev("ev-valid", gEVExpected);
     Services.prefs.clearUserPref("security.onecrl.maximum_staleness_in_seconds");
@@ -172,69 +172,69 @@ function run_test() {
     Services.prefs.clearUserPref("security.onecrl.maximum_staleness_in_seconds");
     ocspResponder.stop(run_next_test);
   });
 
   add_test(function () {
     // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
     Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", 108000);
     // set the blocklist-background-update-timer value to the more distant past
-    Services.prefs.setIntPref("services.blocklist.onecrl.checked",
+    Services.prefs.setIntPref("services.kinto.onecrl.checked",
                               Math.floor(Date.now() / 1000) - 108080);
     Services.prefs.setIntPref("app.update.lastUpdateTime.blocklist-background-update-timer",
                               Math.floor(Date.now() / 1000) - 108080);
     clearOCSPCache();
     let ocspResponder = start_ocsp_responder(
                           gEVExpected ? ["int-ev-valid", "ev-valid"]
                                       : ["ev-valid"]);
     check_ee_for_ev("ev-valid", gEVExpected);
     Services.prefs.clearUserPref("security.onecrl.maximum_staleness_in_seconds");
     ocspResponder.stop(run_next_test);
   });
 
   add_test(function () {
     // test that setting "security.onecrl.via.amo" results in the correct
-    // OCSP behavior when services.blocklist.onecrl.checked is in the distant past
+    // OCSP behavior when services.kinto.onecrl.checked is in the distant past
     // and blacklist-background-update-timer is recent
     Services.prefs.setBoolPref("security.onecrl.via.amo", false);
     // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
     Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", 108000);
     // set the blocklist-background-update-timer value to the recent past
-    // (services.blocklist.onecrl.checked defaults to 0)
+    // (services.kinto.onecrl.checked defaults to 0)
     Services.prefs.setIntPref("app.update.lastUpdateTime.blocklist-background-update-timer",
                               Math.floor(Date.now() / 1000) - 1);
     clearOCSPCache();
     // the intermediate should have an associated OCSP request
     let ocspResponder = start_ocsp_responder(
                           gEVExpected ? ["int-ev-valid", "ev-valid"]
                                       : ["ev-valid"]);
     check_ee_for_ev("ev-valid", gEVExpected);
     ocspResponder.stop(run_next_test);
   });
 
   add_test(function () {
     // test that setting "security.onecrl.via.amo" results in the correct
-    // OCSP behavior when services.blocklist.onecrl.checked is recent
+    // OCSP behavior when services.kinto.onecrl.checked is recent
     Services.prefs.setBoolPref("security.onecrl.via.amo", false);
 
     // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
     Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", 108000);
 
-    // now set services.blocklist.onecrl.checked to a recent value
-    Services.prefs.setIntPref("services.blocklist.onecrl.checked",
+    // now set services.kinto.onecrl.checked to a recent value
+    Services.prefs.setIntPref("services.kinto.onecrl.checked",
                               Math.floor(Date.now() / 1000) - 1);
 
     clearOCSPCache();
     // the intermediate should not have an associated OCSP request
     let ocspResponder = start_ocsp_responder(["ev-valid"]);
     check_ee_for_ev("ev-valid", gEVExpected);
     // The tests following this assume no OCSP bypass
     Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", 0);
     Services.prefs.clearUserPref("security.onecrl.via.amo");
-    Services.prefs.clearUserPref("services.blocklist.onecrl.checked");
+    Services.prefs.clearUserPref("services.kinto.onecrl.checked");
     ocspResponder.stop(run_next_test);
   });
 
   // Test the EV continues to work with flags after successful EV verification
   add_test(function () {
     clearOCSPCache();
     let ocspResponder = start_ocsp_responder(
                           gEVExpected ? ["int-ev-valid", "ev-valid"]
rename from services/common/blocklist-clients.js
rename to services/common/KintoBlocklist.js
--- a/services/common/blocklist-clients.js
+++ b/services/common/KintoBlocklist.js
@@ -15,40 +15,40 @@ this.EXPORTED_SYMBOLS = ["AddonBlocklist
 const { classes: Cc, interfaces: Ci, utils: Cu } = Components;
 
 Cu.import("resource://gre/modules/Services.jsm");
 const { Task } = Cu.import("resource://gre/modules/Task.jsm");
 const { OS } = Cu.import("resource://gre/modules/osfile.jsm");
 
 const { loadKinto } = Cu.import("resource://services-common/kinto-offline-client.js");
 
-const PREF_SETTINGS_SERVER                   = "services.settings.server";
-const PREF_BLOCKLIST_BUCKET                  = "services.blocklist.bucket";
-const PREF_BLOCKLIST_ONECRL_COLLECTION       = "services.blocklist.onecrl.collection";
-const PREF_BLOCKLIST_ONECRL_CHECKED_SECONDS  = "services.blocklist.onecrl.checked";
-const PREF_BLOCKLIST_ADDONS_COLLECTION       = "services.blocklist.addons.collection";
-const PREF_BLOCKLIST_ADDONS_CHECKED_SECONDS  = "services.blocklist.addons.checked";
-const PREF_BLOCKLIST_PLUGINS_COLLECTION      = "services.blocklist.plugins.collection";
-const PREF_BLOCKLIST_PLUGINS_CHECKED_SECONDS = "services.blocklist.plugins.checked";
-const PREF_BLOCKLIST_GFX_COLLECTION          = "services.blocklist.gfx.collection";
-const PREF_BLOCKLIST_GFX_CHECKED_SECONDS     = "services.blocklist.gfx.checked";
+const PREF_KINTO_BASE                    = "services.kinto.base";
+const PREF_KINTO_BUCKET                  = "services.kinto.bucket";
+const PREF_KINTO_ONECRL_COLLECTION       = "services.kinto.onecrl.collection";
+const PREF_KINTO_ONECRL_CHECKED_SECONDS  = "services.kinto.onecrl.checked";
+const PREF_KINTO_ADDONS_COLLECTION       = "services.kinto.addons.collection";
+const PREF_KINTO_ADDONS_CHECKED_SECONDS  = "services.kinto.addons.checked";
+const PREF_KINTO_PLUGINS_COLLECTION      = "services.kinto.plugins.collection";
+const PREF_KINTO_PLUGINS_CHECKED_SECONDS = "services.kinto.plugins.checked";
+const PREF_KINTO_GFX_COLLECTION          = "services.kinto.gfx.collection";
+const PREF_KINTO_GFX_CHECKED_SECONDS     = "services.kinto.gfx.checked";
 
 this.FILENAME_ADDONS_JSON  = "blocklist-addons.json";
 this.FILENAME_GFX_JSON     = "blocklist-gfx.json";
 this.FILENAME_PLUGINS_JSON = "blocklist-plugins.json";
 
 
 /**
  * Helper to instantiate a Kinto client based on preferences for remote server
  * URL and bucket name. It uses the `FirefoxAdapter` which relies on SQLite to
  * persist the local DB.
  */
 function kintoClient() {
-  let base = Services.prefs.getCharPref(PREF_SETTINGS_SERVER);
-  let bucket = Services.prefs.getCharPref(PREF_BLOCKLIST_BUCKET);
+  let base = Services.prefs.getCharPref(PREF_KINTO_BASE);
+  let bucket = Services.prefs.getCharPref(PREF_KINTO_BUCKET);
 
   let Kinto = loadKinto();
 
   let FirefoxAdapter = Kinto.adapters.FirefoxAdapter;
 
   let config = {
     remote: base,
     bucket: bucket,
@@ -156,30 +156,30 @@ function* updateJSONBlocklist(filename, 
     Services.cpmm.sendAsyncMessage("Blocklist:reload-from-disk", eventData);
   } catch(e) {
     Cu.reportError(e);
   }
 }
 
 
 this.OneCRLBlocklistClient = new BlocklistClient(
-  Services.prefs.getCharPref(PREF_BLOCKLIST_ONECRL_COLLECTION),
-  PREF_BLOCKLIST_ONECRL_CHECKED_SECONDS,
+  Services.prefs.getCharPref(PREF_KINTO_ONECRL_COLLECTION),
+  PREF_KINTO_ONECRL_CHECKED_SECONDS,
   updateCertBlocklist
 );
 
 this.AddonBlocklistClient = new BlocklistClient(
-  Services.prefs.getCharPref(PREF_BLOCKLIST_ADDONS_COLLECTION),
-  PREF_BLOCKLIST_ADDONS_CHECKED_SECONDS,
+  Services.prefs.getCharPref(PREF_KINTO_ADDONS_COLLECTION),
+  PREF_KINTO_ADDONS_CHECKED_SECONDS,
   updateJSONBlocklist.bind(undefined, FILENAME_ADDONS_JSON)
 );
 
 this.GfxBlocklistClient = new BlocklistClient(
-  Services.prefs.getCharPref(PREF_BLOCKLIST_GFX_COLLECTION),
-  PREF_BLOCKLIST_GFX_CHECKED_SECONDS,
+  Services.prefs.getCharPref(PREF_KINTO_GFX_COLLECTION),
+  PREF_KINTO_GFX_CHECKED_SECONDS,
   updateJSONBlocklist.bind(undefined, FILENAME_GFX_JSON)
 );
 
 this.PluginBlocklistClient = new BlocklistClient(
-  Services.prefs.getCharPref(PREF_BLOCKLIST_PLUGINS_COLLECTION),
-  PREF_BLOCKLIST_PLUGINS_CHECKED_SECONDS,
+  Services.prefs.getCharPref(PREF_KINTO_PLUGINS_COLLECTION),
+  PREF_KINTO_PLUGINS_CHECKED_SECONDS,
   updateJSONBlocklist.bind(undefined, FILENAME_PLUGINS_JSON)
 );
rename from services/common/blocklist-updater.js
rename to services/common/kinto-updater.js
--- a/services/common/blocklist-updater.js
+++ b/services/common/kinto-updater.js
@@ -1,60 +1,61 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-this.EXPORTED_SYMBOLS = ["checkVersions", "addTestBlocklistClient"];
+this.EXPORTED_SYMBOLS = ["checkVersions", "addTestKintoClient"];
 
 const { classes: Cc, Constructor: CC, interfaces: Ci, utils: Cu } = Components;
 
 Cu.import("resource://gre/modules/Services.jsm");
 Cu.import("resource://gre/modules/Task.jsm");
 Cu.importGlobalProperties(['fetch']);
-const BlocklistClients = Cu.import("resource://services-common/blocklist-clients.js", {});
+const BlocklistClients = Cu.import("resource://services-common/KintoBlocklist.js", {});
 
-const PREF_SETTINGS_SERVER              = "services.settings.server";
-const PREF_BLOCKLIST_CHANGES_PATH       = "services.blocklist.changes.path";
-const PREF_BLOCKLIST_BUCKET             = "services.blocklist.bucket";
-const PREF_BLOCKLIST_LAST_UPDATE        = "services.blocklist.last_update_seconds";
-const PREF_BLOCKLIST_LAST_ETAG          = "services.blocklist.last_etag";
-const PREF_BLOCKLIST_CLOCK_SKEW_SECONDS = "services.blocklist.clock_skew_seconds";
+const PREF_KINTO_CHANGES_PATH       = "services.kinto.changes.path";
+const PREF_KINTO_BASE               = "services.kinto.base";
+const PREF_KINTO_BUCKET             = "services.kinto.bucket";
+const PREF_KINTO_LAST_UPDATE        = "services.kinto.last_update_seconds";
+const PREF_KINTO_LAST_ETAG          = "services.kinto.last_etag";
+const PREF_KINTO_CLOCK_SKEW_SECONDS = "services.kinto.clock_skew_seconds";
+const PREF_KINTO_ONECRL_COLLECTION  = "services.kinto.onecrl.collection";
 
 
 const gBlocklistClients = {
   [BlocklistClients.OneCRLBlocklistClient.collectionName]: BlocklistClients.OneCRLBlocklistClient,
   [BlocklistClients.AddonBlocklistClient.collectionName]: BlocklistClients.AddonBlocklistClient,
   [BlocklistClients.GfxBlocklistClient.collectionName]: BlocklistClients.GfxBlocklistClient,
   [BlocklistClients.PluginBlocklistClient.collectionName]: BlocklistClients.PluginBlocklistClient
 };
 
 // Add a blocklist client for testing purposes. Do not use for any other purpose
-this.addTestBlocklistClient = (name, client) => { gBlocklistClients[name] = client; }
+this.addTestKintoClient = (name, client) => { gBlocklistClients[name] = client; }
 
 // This is called by the ping mechanism.
 // returns a promise that rejects if something goes wrong
 this.checkVersions = function() {
   return Task.spawn(function* syncClients() {
     // Fetch a versionInfo object that looks like:
     // {"data":[
     //   {
     //     "host":"kinto-ota.dev.mozaws.net",
     //     "last_modified":1450717104423,
     //     "bucket":"blocklists",
     //     "collection":"certificates"
     //    }]}
     // Right now, we only use the collection name and the last modified info
-    let kintoBase = Services.prefs.getCharPref(PREF_SETTINGS_SERVER);
-    let changesEndpoint = kintoBase + Services.prefs.getCharPref(PREF_BLOCKLIST_CHANGES_PATH);
-    let blocklistsBucket = Services.prefs.getCharPref(PREF_BLOCKLIST_BUCKET);
+    let kintoBase = Services.prefs.getCharPref(PREF_KINTO_BASE);
+    let changesEndpoint = kintoBase + Services.prefs.getCharPref(PREF_KINTO_CHANGES_PATH);
+    let blocklistsBucket = Services.prefs.getCharPref(PREF_KINTO_BUCKET);
 
     // Use ETag to obtain a `304 Not modified` when no change occurred.
     const headers = {};
-    if (Services.prefs.prefHasUserValue(PREF_BLOCKLIST_LAST_ETAG)) {
-      const lastEtag = Services.prefs.getCharPref(PREF_BLOCKLIST_LAST_ETAG);
+    if (Services.prefs.prefHasUserValue(PREF_KINTO_LAST_ETAG)) {
+      const lastEtag = Services.prefs.getCharPref(PREF_KINTO_LAST_ETAG);
       if (lastEtag) {
         headers["If-None-Match"] = lastEtag;
       }
     }
 
     let response = yield fetch(changesEndpoint, {headers});
 
     let versionInfo;
@@ -72,18 +73,18 @@ this.checkVersions = function() {
     }
 
     // Record new update time and the difference between local and server time
     let serverTimeMillis = Date.parse(response.headers.get("Date"));
 
     // negative clockDifference means local time is behind server time
     // by the absolute of that value in seconds (positive means it's ahead)
     let clockDifference = Math.floor((Date.now() - serverTimeMillis) / 1000);
-    Services.prefs.setIntPref(PREF_BLOCKLIST_CLOCK_SKEW_SECONDS, clockDifference);
-    Services.prefs.setIntPref(PREF_BLOCKLIST_LAST_UPDATE, serverTimeMillis / 1000);
+    Services.prefs.setIntPref(PREF_KINTO_CLOCK_SKEW_SECONDS, clockDifference);
+    Services.prefs.setIntPref(PREF_KINTO_LAST_UPDATE, serverTimeMillis / 1000);
 
     let firstError;
     for (let collectionInfo of versionInfo.data) {
       // Skip changes that don't concern configured blocklist bucket.
       if (collectionInfo.bucket != blocklistsBucket) {
         continue;
       }
 
@@ -106,12 +107,12 @@ this.checkVersions = function() {
     if (firstError) {
       // cause the promise to reject by throwing the first observed error
       throw firstError;
     }
 
     // Save current Etag for next poll.
     if (response.headers.has("ETag")) {
       const currentEtag = response.headers.get("ETag");
-      Services.prefs.setCharPref(PREF_BLOCKLIST_LAST_ETAG, currentEtag);
+      Services.prefs.setCharPref(PREF_KINTO_LAST_ETAG, currentEtag);
     }
   });
 };
--- a/services/common/moz.build
+++ b/services/common/moz.build
@@ -10,20 +10,20 @@ with Files('**'):
 TEST_DIRS += ['tests']
 
 EXTRA_COMPONENTS += [
     'servicesComponents.manifest',
 ]
 
 EXTRA_JS_MODULES['services-common'] += [
     'async.js',
-    'blocklist-clients.js',
-    'blocklist-updater.js',
     'kinto-http-client.js',
     'kinto-offline-client.js',
+    'kinto-updater.js',
+    'KintoBlocklist.js',
     'logmanager.js',
     'observers.js',
     'rest.js',
     'stringbundle.js',
     'utils.js',
 ]
 
 if CONFIG['MOZ_WIDGET_TOOLKIT'] != 'android':
rename from services/common/tests/unit/test_blocklist_clients.js
rename to services/common/tests/unit/test_kintoAddonPluginBlocklist.js
--- a/services/common/tests/unit/test_blocklist_clients.js
+++ b/services/common/tests/unit/test_kintoAddonPluginBlocklist.js
@@ -4,25 +4,25 @@ const KEY_PROFILEDIR = "ProfD";
 
 Cu.import("resource://gre/modules/Services.jsm");
 Cu.import("resource://testing-common/httpd.js");
 Cu.import("resource://gre/modules/Timer.jsm");
 const { FileUtils } = Cu.import("resource://gre/modules/FileUtils.jsm");
 const { OS } = Cu.import("resource://gre/modules/osfile.jsm");
 
 const { loadKinto } = Cu.import("resource://services-common/kinto-offline-client.js");
-const BlocklistClients = Cu.import("resource://services-common/blocklist-clients.js");
+const KintoBlocklist = Cu.import("resource://services-common/KintoBlocklist.js");
 
 const BinaryInputStream = CC("@mozilla.org/binaryinputstream;1",
   "nsIBinaryInputStream", "setInputStream");
 
 const gBlocklistClients = [
-  {client: BlocklistClients.AddonBlocklistClient, filename: BlocklistClients.FILENAME_ADDONS_JSON, testData: ["i808","i720", "i539"]},
-  {client: BlocklistClients.PluginBlocklistClient, filename: BlocklistClients.FILENAME_PLUGINS_JSON, testData: ["p1044","p32","p28"]},
-  {client: BlocklistClients.GfxBlocklistClient, filename: BlocklistClients.FILENAME_GFX_JSON, testData: ["g204","g200","g36"]},
+  {client: KintoBlocklist.AddonBlocklistClient, filename: KintoBlocklist.FILENAME_ADDONS_JSON, testData: ["i808","i720", "i539"]},
+  {client: KintoBlocklist.PluginBlocklistClient, filename: KintoBlocklist.FILENAME_PLUGINS_JSON, testData: ["p1044","p32","p28"]},
+  {client: KintoBlocklist.GfxBlocklistClient, filename: KintoBlocklist.FILENAME_GFX_JSON, testData: ["g204","g200","g36"]},
 ];
 
 
 let server;
 let kintoClient;
 
 function kintoCollection(collectionName) {
   if (!kintoClient) {
@@ -72,17 +72,17 @@ function* clear_state() {
 
 
 function run_test() {
   // Set up an HTTP Server
   server = new HttpServer();
   server.start(-1);
 
   // Point the blocklist clients to use this local HTTP server.
-  Services.prefs.setCharPref("services.settings.server",
+  Services.prefs.setCharPref("services.kinto.base",
                              `http://localhost:${server.identity.primaryPort}/v1`);
 
   // Setup server fake responses.
   function handleResponse(request, response) {
     try {
       const sample = getSampleResponse(request, server.identity.primaryPort);
       if (!sample) {
         do_throw(`unexpected ${request.method} request for ${request.path}?${request.queryString}`);
rename from services/common/tests/unit/test_blocklist_certificates.js
rename to services/common/tests/unit/test_kintoCertBlocklist.js
--- a/services/common/tests/unit/test_blocklist_certificates.js
+++ b/services/common/tests/unit/test_kintoCertBlocklist.js
@@ -1,13 +1,13 @@
 const { Constructor: CC } = Components;
 
 Cu.import("resource://testing-common/httpd.js");
 
-const { OneCRLBlocklistClient } = Cu.import("resource://services-common/blocklist-clients.js");
+const { OneCRLBlocklistClient } = Cu.import("resource://services-common/KintoBlocklist.js");
 const { loadKinto } = Cu.import("resource://services-common/kinto-offline-client.js");
 
 const BinaryInputStream = CC("@mozilla.org/binaryinputstream;1",
   "nsIBinaryInputStream", "setInputStream");
 
 let server;
 
 // set up what we need to make storage adapters
@@ -35,17 +35,17 @@ function do_get_kinto_collection(collect
 // Some simple tests to demonstrate that the logic inside maybeSync works
 // correctly and that simple kinto operations are working as expected. There
 // are more tests for core Kinto.js (and its storage adapter) in the
 // xpcshell tests under /services/common
 add_task(function* test_something(){
   const configPath = "/v1/";
   const recordsPath = "/v1/buckets/blocklists/collections/certificates/records";
 
-  Services.prefs.setCharPref("services.settings.server",
+  Services.prefs.setCharPref("services.kinto.base",
                              `http://localhost:${server.identity.primaryPort}/v1`);
 
   // register a handler
   function handleResponse (request, response) {
     try {
       const sample = getSampleResponse(request, server.identity.primaryPort);
       if (!sample) {
         do_throw(`unexpected ${request.method} request for ${request.path}?${request.queryString}`);
@@ -88,27 +88,27 @@ add_task(function* test_something(){
   yield collection.db.open();
   list = yield collection.list();
   do_check_eq(list.data.length, 3);
   yield collection.db.close();
 
   // Try to maybeSync with the current lastModified value - no connection
   // should be attempted.
   // Clear the kinto base pref so any connections will cause a test failure
-  Services.prefs.clearUserPref("services.settings.server");
+  Services.prefs.clearUserPref("services.kinto.base");
   yield OneCRLBlocklistClient.maybeSync(4000, Date.now());
 
   // Try again with a lastModified value at some point in the past
   yield OneCRLBlocklistClient.maybeSync(3000, Date.now());
 
   // Check the OneCRL check time pref is modified, even if the collection
   // hasn't changed
-  Services.prefs.setIntPref("services.blocklist.onecrl.checked", 0);
+  Services.prefs.setIntPref("services.kinto.onecrl.checked", 0);
   yield OneCRLBlocklistClient.maybeSync(3000, Date.now());
-  let newValue = Services.prefs.getIntPref("services.blocklist.onecrl.checked");
+  let newValue = Services.prefs.getIntPref("services.kinto.onecrl.checked");
   do_check_neq(newValue, 0);
 });
 
 function run_test() {
   // Set up an HTTP Server
   server = new HttpServer();
   server.start(-1);
 
@@ -136,17 +136,17 @@ function getSampleResponse(req, port) {
     "GET:/v1/?": {
       "sampleHeaders": [
         "Access-Control-Allow-Origin: *",
         "Access-Control-Expose-Headers: Retry-After, Content-Length, Alert, Backoff",
         "Content-Type: application/json; charset=UTF-8",
         "Server: waitress"
       ],
       "status": {status: 200, statusText: "OK"},
-      "responseBody": JSON.stringify({"settings":{"batch_max_requests":25}, "url":`http://localhost:${port}/v1/`, "documentation":"https://kinto.readthedocs.org/", "version":"1.5.1", "commit":"cbc6f58", "hello":"kinto"})
+      "responseBody": JSON.stringify({"settings":{"cliquet.batch_max_requests":25}, "url":`http://localhost:${port}/v1/`, "documentation":"https://kinto.readthedocs.org/", "version":"1.5.1", "commit":"cbc6f58", "hello":"kinto"})
     },
     "GET:/v1/buckets/blocklists/collections/certificates/records?_sort=-last_modified": {
       "sampleHeaders": [
         "Access-Control-Allow-Origin: *",
         "Access-Control-Expose-Headers: Retry-After, Content-Length, Alert, Backoff",
         "Content-Type: application/json; charset=UTF-8",
         "Server: waitress",
         "Etag: \"3000\""
rename from services/common/tests/unit/test_blocklist_updater.js
rename to services/common/tests/unit/test_kinto_updater.js
--- a/services/common/tests/unit/test_blocklist_updater.js
+++ b/services/common/tests/unit/test_kinto_updater.js
@@ -1,16 +1,17 @@
+Cu.import("resource://services-common/kinto-updater.js")
 Cu.import("resource://testing-common/httpd.js");
 
 var server;
 
-const PREF_SETTINGS_SERVER = "services.settings.server";
-const PREF_LAST_UPDATE = "services.blocklist.last_update_seconds";
-const PREF_LAST_ETAG = "services.blocklist.last_etag";
-const PREF_CLOCK_SKEW_SECONDS = "services.blocklist.clock_skew_seconds";
+const PREF_KINTO_BASE = "services.kinto.base";
+const PREF_LAST_UPDATE = "services.kinto.last_update_seconds";
+const PREF_LAST_ETAG = "services.kinto.last_etag";
+const PREF_CLOCK_SKEW_SECONDS = "services.kinto.clock_skew_seconds";
 
 // Check to ensure maybeSync is called with correct values when a changes
 // document contains information on when a collection was last modified
 add_task(function* test_check_maybeSync(){
   const changesPath = "/v1/buckets/monitor/collections/changes/records";
 
   // register a handler
   function handleResponse (serverTimeMillis, request, response) {
@@ -35,33 +36,33 @@ add_task(function* test_check_maybeSync(
     } catch (e) {
       dump(`${e}\n`);
     }
   }
 
   server.registerPathHandler(changesPath, handleResponse.bind(null, 2000));
 
   // set up prefs so the kinto updater talks to the test server
-  Services.prefs.setCharPref(PREF_SETTINGS_SERVER,
+  Services.prefs.setCharPref(PREF_KINTO_BASE,
     `http://localhost:${server.identity.primaryPort}/v1`);
 
   // set some initial values so we can check these are updated appropriately
   Services.prefs.setIntPref(PREF_LAST_UPDATE, 0);
   Services.prefs.setIntPref(PREF_CLOCK_SKEW_SECONDS, 0);
   Services.prefs.clearUserPref(PREF_LAST_ETAG);
 
 
   let startTime = Date.now();
 
-  let updater = Cu.import("resource://services-common/blocklist-updater.js");
+  let updater = Cu.import("resource://services-common/kinto-updater.js");
 
   let syncPromise = new Promise(function(resolve, reject) {
     // add a test kinto client that will respond to lastModified information
     // for a collection called 'test-collection'
-    updater.addTestBlocklistClient("test-collection", {
+    updater.addTestKintoClient("test-collection", {
       maybeSync(lastModified, serverTime) {
         do_check_eq(lastModified, 1000);
         do_check_eq(serverTime, 2000);
         resolve();
       }
     });
     updater.checkVersions();
   });
@@ -80,17 +81,17 @@ add_task(function* test_check_maybeSync(
               && clockDifference >= Math.floor(startTime / 1000) - 2);
   // Last timestamp was saved. An ETag header value is a quoted string.
   let lastEtag = Services.prefs.getCharPref(PREF_LAST_ETAG);
   do_check_eq(lastEtag, "\"1100\"");
 
   // Simulate a poll with up-to-date collection.
   Services.prefs.setIntPref(PREF_LAST_UPDATE, 0);
   // If server has no change, a 304 is received, maybeSync() is not called.
-  updater.addTestBlocklistClient("test-collection", {
+  updater.addTestKintoClient("test-collection", {
     maybeSync: () => {throw new Error("Should not be called");}
   });
   yield updater.checkVersions();
   // Last update is overwritten
   do_check_eq(Services.prefs.getIntPref(PREF_LAST_UPDATE), 2);
 
 
   // Simulate a server error.
--- a/services/common/tests/unit/xpcshell.ini
+++ b/services/common/tests/unit/xpcshell.ini
@@ -4,21 +4,20 @@ tail =
 firefox-appdir = browser
 skip-if = toolkit == 'gonk'
 support-files =
   test_storage_adapter/**
 
 # Test load modules first so syntax failures are caught early.
 [test_load_modules.js]
 
-[test_blocklist_certificates.js]
-[test_blocklist_clients.js]
-[test_blocklist_updater.js]
-
 [test_kinto.js]
+[test_kinto_updater.js]
+[test_kintoAddonPluginBlocklist.js]
+[test_kintoCertBlocklist.js]
 [test_storage_adapter.js]
 
 [test_utils_atob.js]
 [test_utils_convert_string.js]
 [test_utils_dateprefs.js]
 [test_utils_deepCopy.js]
 [test_utils_encodeBase32.js]
 [test_utils_encodeBase64URL.js]
--- a/testing/profiles/prefs_general.js
+++ b/testing/profiles/prefs_general.js
@@ -104,18 +104,18 @@ user_pref("extensions.update.enabled", f
 // Make sure opening about:addons won't hit the network
 user_pref("extensions.webservice.discoverURL", "http://%(server)s/extensions-dummy/discoveryURL");
 // Make sure AddonRepository won't hit the network
 user_pref("extensions.getAddons.maxResults", 0);
 user_pref("extensions.getAddons.get.url", "http://%(server)s/extensions-dummy/repositoryGetURL");
 user_pref("extensions.getAddons.getWithPerformance.url", "http://%(server)s/extensions-dummy/repositoryGetWithPerformanceURL");
 user_pref("extensions.getAddons.search.browseURL", "http://%(server)s/extensions-dummy/repositoryBrowseURL");
 user_pref("extensions.getAddons.search.url", "http://%(server)s/extensions-dummy/repositorySearchURL");
-// Ensure blocklist updates don't hit the network
-user_pref("services.settings.server", "http://%(server)s/dummy-kinto/v1");
+// Ensure kinto updates don't hit the network
+user_pref("services.kinto.base", "http://%(server)s/dummy-kinto/v1");
 // Make sure that opening the plugins check page won't hit the network
 user_pref("plugins.update.url", "http://%(server)s/plugins-dummy/updateCheckURL");
 // Make sure SNTP requests don't hit the network
 user_pref("network.sntp.pools", "%(server)s");
 // We know the SNTP request will fail, since localhost isn't listening on
 // port 135. The default number of retries (10) is excessive, but retrying
 // at least once will mean that codepath is still tested in automation.
 user_pref("network.sntp.maxRetryCount", 1);
--- a/toolkit/mozapps/extensions/nsBlocklistService.js
+++ b/toolkit/mozapps/extensions/nsBlocklistService.js
@@ -43,17 +43,17 @@ const PREF_BLOCKLIST_URL              = 
 const PREF_BLOCKLIST_ITEM_URL         = "extensions.blocklist.itemURL";
 const PREF_BLOCKLIST_ENABLED          = "extensions.blocklist.enabled";
 const PREF_BLOCKLIST_INTERVAL         = "extensions.blocklist.interval";
 const PREF_BLOCKLIST_LEVEL            = "extensions.blocklist.level";
 const PREF_BLOCKLIST_PINGCOUNTTOTAL   = "extensions.blocklist.pingCountTotal";
 const PREF_BLOCKLIST_PINGCOUNTVERSION = "extensions.blocklist.pingCountVersion";
 const PREF_BLOCKLIST_SUPPRESSUI       = "extensions.blocklist.suppressUI";
 const PREF_ONECRL_VIA_AMO             = "security.onecrl.via.amo";
-const PREF_BLOCKLIST_UPDATE_ENABLED   = "services.blocklist.update_enabled";
+const PREF_KINTO_UPDATE_ENABLED       = "services.kinto.update_enabled";
 const PREF_PLUGINS_NOTIFYUSER         = "plugins.update.notifyUser";
 const PREF_GENERAL_USERAGENT_LOCALE   = "general.useragent.locale";
 const PREF_APP_DISTRIBUTION           = "distribution.id";
 const PREF_APP_DISTRIBUTION_VERSION   = "distribution.version";
 const PREF_EM_LOGGING_ENABLED         = "extensions.logging.enabled";
 const XMLURI_BLOCKLIST                = "http://www.mozilla.org/2006/addons-blocklist";
 const XMLURI_PARSE_ERROR              = "http://www.mozilla.org/newlayout/xml/parsererror.xml"
 const UNKNOWN_XPCOM_ABI               = "unknownABI";
@@ -626,21 +626,21 @@ Blocklist.prototype = {
     request.send(null);
 
     // When the blocklist loads we need to compare it to the current copy so
     // make sure we have loaded it.
     if (!this._isBlocklistLoaded())
       this._loadBlocklist();
 
     // If kinto update is enabled, do the kinto update
-    if (gPref.getBoolPref(PREF_BLOCKLIST_UPDATE_ENABLED)) {
-      const updater =
-        Components.utils.import("resource://services-common/blocklist-updater.js",
+    if (gPref.getBoolPref(PREF_KINTO_UPDATE_ENABLED)) {
+      let KintoUpdater =
+        Components.utils.import("resource://services-common/kinto-updater.js",
                                 {});
-      updater.checkVersions().catch(() => {
+      KintoUpdater.checkVersions().catch(() => {
         // Before we enable this in release, we want to collect telemetry on
         // failed kinto updates - see bug 1254099
       });
     }
   },
 
   onXMLLoad: Task.async(function*(aEvent) {
     let request = aEvent.target;
--- a/toolkit/mozapps/extensions/test/xpcshell/head_addons.js
+++ b/toolkit/mozapps/extensions/test/xpcshell/head_addons.js
@@ -1869,17 +1869,18 @@ Services.prefs.setBoolPref("extensions.g
 
 // Disable the compatibility updates window by default
 Services.prefs.setBoolPref("extensions.showMismatchUI", false);
 
 // Point update checks to the local machine for fast failures
 Services.prefs.setCharPref("extensions.update.url", "http://127.0.0.1/updateURL");
 Services.prefs.setCharPref("extensions.update.background.url", "http://127.0.0.1/updateBackgroundURL");
 Services.prefs.setCharPref("extensions.blocklist.url", "http://127.0.0.1/blocklistURL");
-Services.prefs.setCharPref("services.settings.server", "http://localhost/dummy-kinto/v1");
+Services.prefs.setCharPref("services.kinto.base",
+                           "http://localhost/dummy-kinto/v1");
 
 // By default ignore bundled add-ons
 Services.prefs.setBoolPref("extensions.installDistroAddons", false);
 
 // By default use strict compatibility
 Services.prefs.setBoolPref("extensions.strictCompatibility", true);
 
 // By default don't check for hotfixes
--- a/toolkit/mozapps/extensions/test/xpcshell/test_blocklist_regexp.js
+++ b/toolkit/mozapps/extensions/test/xpcshell/test_blocklist_regexp.js
@@ -62,17 +62,17 @@ function load_blocklist(aFile, aCallback
 
   Services.prefs.setCharPref("extensions.blocklist.url", "http://localhost:" +
                              gPort + "/data/" + aFile);
   var blocklist = Cc["@mozilla.org/extensions/blocklist;1"].
                   getService(Ci.nsITimerCallback);
   // if we're not using the blocklist.xml for certificate blocklist state,
   // ensure that kinto update is enabled
   if (!Services.prefs.getBoolPref("security.onecrl.via.amo")) {
-    ok(Services.prefs.getBoolPref("services.blocklist.update_enabled", false),
+    ok(Services.prefs.getBoolPref("services.kinto.update_enabled", false),
                                   "Kinto update should be enabled");
   }
   blocklist.notify(null);
 }
 
 
 function end_test() {
   testserver.stop(do_test_finished);