I just happened to be running Wireshark doing some other stuff and noticed an very short SSL exchange happen. I had Firefox open, but only on a couple of regular http pages. Any ideas? I didn't think Mozilla was into this kind of secret phoning home, it seems more of an M$ trick. Here's some excerpts from the reassembled convo (with human readable extracts and snips) -- but it's just mostly the SSL cert and encryption setup stuff, nothing to indicate what it's really doing...

Anyone know what's going on?

IP dest was 63.245.209.49 (Mozilla.org)

...+.........aus2.mozilla.org.
........................F..F.?..S.....0....`..bk] .../..L.X G."..6.`...
C..F.[...u..#.F...|..............0...0.........
j
5......:0
..*.H..
.....0..1.0...U....US1.0...U....Texas1.0...U....San Antonio1.0...U....GS CA1$0"..U.
..XRamp Security Services Inc1&0$..U....XRamp Security Services GS CA0..
050105052436Z.
080105054019Z0..1.0...U....US1.0...U...
California1.0...U...
Mountain View1.0...U.
..Mozilla Foundation1.0...U...
*.mozilla.org1.0...U...
*.mozilla.org1%0#..*.H..
.....hostmaster@mozilla.org0..0

http://crl.xrampsecurity.com/XRampGSCA.crl0U..U. .N0L0J..`.H...E....0;09..+........-http://www.xrampsecurity.com/legal/issuer.asp0