Security/DNSSEC-TLS: Difference between revisions

Jump to navigation Jump to search

Security/DNSSEC-TLS (view source)

Revision as of 17:29, 15 July 2011

3,198 bytes removed ,  15 July 2011
no edit summary
No edit summary
No edit summary
Line 17: Line 17:
}}
}}
{{FeatureTeamStatus}}
{{FeatureTeamStatus}}
{| class="fullwidth-table"
|-
| style="font-weight: bold; background: #DDD;" | Feature
| style="font-weight: bold; background: #DDD;" | Status
| style="font-weight: bold; background: #DDD;" | ETA
| style="font-weight: bold; background: #DDD;" | Owner
|-
<section begin="status" />
| [[Security/DNSSEC-TLS|DNSSEC-TLS]]
| {{StatusHealthy|status=Internal demonstration implementation}}
| 2011-09-01
| [[User:dkeeler|David Keeler]]
<section end="status" />
|}
This set of pages documents the TLS domain validation through DNSSEC project. These documents are currently a work in progress. There are likely many errors.
== Summary  ==
This project aims to implement domain validation in TLS sessions through use of DNSSEC chains.
== Team  ==
Who's working on this?
*'''Feature Manager''':
*'''Lead Developer''': [[User:dkeeler|David Keeler]]
*'''Product Manager''':
*'''QA''':
*'''Security''':
*'''Privacy''':
== Release Requirements  ==
The release requirements include a fully working and well tested implementation of this feature. This includes a server implementation. Currently nginx is being targeted as the server of choice.
== Next Steps &amp; Open Issues  ==
*{{done|Complete external implementation}}
*{{done|Complete in-browser demo implementation}}
*{{new|Get someone to look at what I've written to make sure it's not totally off the mark}}
*{{new|Complete in-browser implementation}}
== Related Bugs &amp; Dependencies  ==
[https://bugzilla.mozilla.org/show_bug.cgi?id=589537 bug 589357]
This feature depends on servers with the ability to send DNSSEC chains. Nginx has been modified to support this, as described in a document to come.
== Risks  ==
Risks are discussed in the [[Security/DNSSEC-TLS-details#Security Considerations|security considerations]] section of the detailed design page.
== Use Cases  ==
The use case is anyone running an HTTPS server and anyone wishing to connect to that server using Firefox.
== Designs  ==
Design specifications are detailed [[Security/DNSSEC-TLS-details|here]].
== Test Plans  ==
Test plans are [[Security/DNSSEC-TLS-details#Test Plans|here]].
== Goals ==
Implement domain validation for TLS connections using DNSSEC in Firefox. That is, in addition to sending a certificate in the TLS handshake, a server would send sufficient DNSSEC records to convince the client of its identity and establish public key material.
== Non-Goals  ==
To be updated as issues arise.
== Other Stuff  ==
There is currently no other stuff.
== Legend (remove if you like)  ==
{| class="fullwidth-table"
|-
| {{StatusHealthy|status=&nbsp;}}
| Healthy: feature is progressing as expected.
|-
| {{StatusBlocked|status=&nbsp;}}
| Blocked: feature is currently blocked.
|-
| {{StatusAtRisk|status=&nbsp;}}
| At Risk: feature is at risk of missing its targeted release.
|-
| '''ETA'''
| Estimated date for completion of the current feature task. Overall ETA for the feature is the product release date.
|}
__NOTOC__
Please remove this line and any non-relevant categories below. Add whatever other categories you feel are appropriate.
[[Category:Features]] [[Category:Firefox]] [[Category:Platform]] [[Category:Security]]
Dkeeler
Confirmed users
299

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/330127"

Navigation menu