Security/Features/SSL Error Reporting: Difference between revisions

Jump to navigation Jump to search

Security/Features/SSL Error Reporting (view source)

Revision as of 16:52, 9 September 2013

1 byte removed ,  9 September 2013
no edit summary
No edit summary
No edit summary
 
Line 13: Line 13:
{{FeaturePageBody
{{FeaturePageBody
|Feature overview=Add a "Report to Mozilla" option to the "Untrusted Connection" error page. {{Bug|846501}}
|Feature overview=Add a "Report to Mozilla" option to the "Untrusted Connection" error page. {{Bug|846501}}
|Feature users and use cases=A user browses to a secure website, but gets the warning: "This Connection is Untrusted". If the user has already opted-in to sending telemetry data to Mozilla, then Mozilla telemetry with collect the appropriate information.
|Feature users and use cases=A user browses to a secure website, but gets the warning: "This Connection is Untrusted". If the user has already opted-in to sending telemetry data to Mozilla, then Mozilla telemetry will collect the appropriate information.


Another use case will be when [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] is available. When the set of keys in the certificate chain do not intersect with the set of keys 'pinned' in the browser, then an alert will be displayed to the user, and provide a "report to Mozilla" option. The user should be warned that their interaction with the website might be watched, so they should avoid entering personal data, but they should be able to accept the risk and go forward to the site. Note that the reporting mechanism could possibly get blocked by a malicious actor (or for some other reason), and if that happens the user should be notified that the reporting mechanism may be being blocked, and the information should be made available (in a file?) so the user can email or submit the information to us some other way.
Another use case will be when [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] is available. When the set of keys in the certificate chain do not intersect with the set of keys 'pinned' in the browser, then an alert will be displayed to the user, and provide a "report to Mozilla" option. The user should be warned that their interaction with the website might be watched, so they should avoid entering personal data, but they should be able to accept the risk and go forward to the site. Note that the reporting mechanism could possibly get blocked by a malicious actor (or for some other reason), and if that happens the user should be notified that the reporting mechanism may be being blocked, and the information should be made available (in a file?) so the user can email or submit the information to us some other way.
Line 34: Line 34:
# UX changes for [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] error reporting
# UX changes for [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] error reporting
# Add back-end utilities to analyze the data.
# Add back-end utilities to analyze the data.
|Feature security review={{Bug|846502}}
|Feature security review={{Bug|846502}}
|Feature privacy review={{Bug|846506}}
|Feature privacy review={{Bug|846506}}
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/705052"

Navigation menu