Firefox3/Firefox Requirements Meetings/Security and Privacy


Dial-in Info

  • +1 650-215-1282x91 Conf# 8602 (US/INTL)
  • +1 800-707-2533 (pin 369) Conf# 8602

Agenda

The following list is taken directly from the Firefox 3 Detailed Feature List. If this list does not match the other, the Google Spreadsheet version takes precedence (I may have made a copying error).

  • P1 - Security/Privacy context UI redesign (currently: lock icon)
      • P1 FR - Support website identity validation mechanism (ref: EV Certs)
      • P1 FR - Indicate security and privacy status in secondary UI
      • P1 FR - Alert user when they are providing information on a suspicious website
      • P1 NFR - User should be able to determine the "identity" of a website when that information is available
      • P1 NFR - User should be able to investigate signals of website trustworthiness
      • P1 NFR - Better UI indication of encryption, identity, previous interaction/knowledge of site, overall level of trust in site
  • P2 - Private web browsing
      • P2 FR - Create a "private browsing mode" for Firefox
      • P2 FR - Indicate privacy status, exchange of personal information in primary UI (stealth mode conceptual mockup, -Alex)
      • P2 NFR - Should not interfere with normal browsing mode
  • P2 - Blacklisting of malicious websites
      • P2 FR - Extend phishing protection to include malware sites and Add-ons
      • P2 NFR - Unify terminology and metaphors for "blocked malicious content"

Notes

Item

  • P1 - Security/Privacy context UI redesign (currently: lock icon)
    • P1 FR - Support website identity validation mechanism (ref: EV Certs)
    • P1 FR - Indicate security and privacy status in secondary UI
    • P1 FR - Alert user when they are providing information on a suspicious website
    • P1 NFR - User should be able to determine the "identity" of a website when that information is available
    • P1 NFR - User should be able to investigate signals of website trustworthiness
    • P1 NFR - Better UI indication of encryption, identity, previous interaction/knowledge of site, overall level of trust in site

Notes

  • "Security context UI redesign"
    • Current system sucks (various locks and the domain name in the status bar)
    • We should redesign it because people either ignore them or misunderstand them.
    • Item 1 - "Website ID validation" - EV Certs -- will certs be well defined enough by the time we need them? Might not be at 1.0 but will be close enough to use - MS will be announcing at RSA that they're doing a major initiative related to EV Certs - their prototype program is in full swing and IE7 already supports it. We really need to support it in Firefox 3.
      • DNSSEC is another system that does this - but 3-5 years to become real
      • This FR does not imply UI, just backend stuff. Seems to be a no-brainer to include this support in Fx3.
      • Current plan is to have support in place that will show up in the certificate viewer -- UI issues are currently outstanding.
      • Stays as a P1 FR
    • Item 2 - "Indicate sec/priv status in secondary UI"
      • What's "secondary" about the UI - some way of understanding, when I'm on a website, what my privacy/security status is - possibly in Page Info or somesuch
      • Drop to P3
    • Item 3 - "Alert user when they're providing info on a suspicious website"
      • The user's history is a rich source of information, and we'll know what pages they have already supplied form information to (i.e. my bank page) -- compare current site vs history sites and warn if there's a possible discrepancy. Turns out that this is possibly a bad idea.
      • Possibly indicate to a user when they are on a site they've been on before, rather than try to make it specifically about form entries and such, but the form filling part is actually pretty important.
      • DELETE FROM PRD
      • Continue to investigate - this may be related to password management stuff.
    • Item 4 - "User should be able to determine the identity of a website when that information is available"
      • If the user wants to investigate the claimed identity (metadata) of a site, that information should be available.
      • Change this to an FR
      • This ties in with the Website ID validation (Item 1)
    • Item 5 - rephrase as "P2 FR Provide UI for displaying summary of security signals"
    • Item 6 - leave as is, just strike "overall level of trust in site" - Move to the top of the list - leave as P1
    • ADD: "P2 NFR Simplify the UI around presenting certificates"
    • ADD: "P1 NFR Simplify dialogs around certificate errors"
    • ADD: "P2 NFR Improve dialogs/alerts related to security" - would be trivial to get rid of them, not trivial to change them into something else

Item

  • P2 - Private web browsing
    • P2 FR - Create a "private browsing mode" for Firefox
    • P2 FR - Indicate privacy status, exchange of personal information in primary UI
    • P2 NFR - Should not interfere with normal browsing mode

Notes

  • General idea is to have a system where you don't have to nuke everything. Right now you either have privacy or you don't. We want to enable both of those.
  • Current Clear Private Data is a hack.
  • Would like a mode where data never touches the disk.
  • There are some bugs that call it Kiosk mode, but there are other irrelevant features in those bugs.
  • This is, as is, client-side only. Do we want to take it further and build TOR or somesuch into the browser?
  • If we're going to call it "Privacy Mode" we have to deal with all aspects of it. Could involve third party providers and such.
  • Need to look into liability issues and such.
    • CONSIDER: "P3 FR Create pluggable architecture that supports this"
    • CONSIDER: "P3 FR Support use of third-party systems like TOR"
    • Item 1: Clarify that "Private Browsing Mode" is local client only
      • This particular section warrants more in-depth investigation
    • Item 2: Basically this means "It should be clear to a user when they are in or out of private browsing mode"
      • Remove ", exchange of personal information" from that item
      • Must be careful about how we communicate and design this feature
      • Need to set up use cases and figure out what we're actually trying to do here
    • Item 3: DELETE this

Item

  • P2 - Blacklisting of malicious websites
    • P2 FR - Extend phishing protection to include malware sites and Add-ons
    • P2 NFR - Unify terminology and metaphors for "blocked malicious content"

Notes

  • We need to figure out what we mean by "malware" here. So this needs to be carefully thought through.

Also ADD

  • "P1 FR Chromeless popup windows should have some forced chrome" Bug #337344
  • "P1 FR Change default dom.disable_window_open_feature.location to true" aka "Fix Bug #337344"
  • "P1 FR Countermeasures for Java/plugin/extension vulnerabilities (disable, warn, offer updates)" BUG 271559
  • "P1 FR Tighten the same-origin policy for local files (file: URLs, trusted, security)" Bug 230606
  • "P2 FR Sanitizing content sinks for full content, not just fragments"
  • "P1 FR Content restriction - Allow web authors to restrict scripts in headers" - Gerv's proposal
  • "P3 FR Content restriction - Everything else involved with this" - Gerv's proposal

Other questions

  • Should we have some sort of sandbox for extensions? This was discussed in Add-ons and the result is a P3 FR/PFuture. See Addons for details.