Privacy/Reviews/Telemetry/SSL Certificates And Errors: Difference between revisions

Jump to navigation Jump to search

Privacy/Reviews/Telemetry/SSL Certificates And Errors (view source)

Revision as of 22:31, 2 December 2011

1,311 bytes added ,  2 December 2011
→‎Measurement to Collect
m (Created page with "__NOTOC__ This page documents one type of data collected by telemetry: what is collected, the problem we seek to solve by collecting the data, and how we minimize any risks to u...")
 
Line 24: Line 24:


== Measurement to Collect ==
== Measurement to Collect ==
''Describe the data that will be recorded and transmitted to our servers, and how it will be kept (as unique measurement or in aggregate) on our servers.  The product or engineering contact should fill this out.''
We will collect five histograms of data.
* SSL/TLS Version
0 - Unknown SSL/TLS Version
1 - Not Used
2 - SSLv2
3 - SSLv3
4 - SSLv3.1 / TLS 1.0
* Negotiated Ciphersuite
** The values are an index mapping to the array SSL_ImplementedCiphers in [http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ssl/sslenum.c sslenum.c]
** If elliptic curve cryptography (ECC) is not enabled at compile time, then the values are stored as index + 256. This leaks some information about a user's build.
** Retrieving the ciphersuite from the data involves performing a lookup in the table, adjusting for ECC if needed.
* Generic SSL/TLS Certificate Error
** Below values are defined in [http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/public/nsIX509Cert.idl nsIX509Cert.idl]
** Mapping of below errors to NSS SEC_* errors can be found in [http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsNSSCertificate.cpp nsNSSCertificate.cpp]
  0 - NOT_VERIFIED_UNKNOWN
1 - CERT_REVOKED
2 - CERT_EXPIRED
3 - CERT_NOT_TRUSTED
4 - ISSUER_NOT_TRUSTED
5 - ISSUER_UNKNOWN
6 - INVALID_CA
7 - USAGE_NOT_ALLOWED
* Detailed SSL/TLS Certificate Error
** The above generic errors may map to more specific errors
** More than one of the below errors can occur. The resulting value will be the bitwise-or of the applicable flags
*** Self-signed and untrusted can not occur at the same time
1 - Self-signed Certificate
2 - Untrusted Issuer
4 - Domain Mismatch
8 - Invalid Time (expired / not valid yet)


= Privacy Considerations =
= Privacy Considerations =
Dchan
Confirmed users
110

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/375409"

Navigation menu