Privacy/Reviews/Telemetry/SSL Certificates And Errors: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
Line 24: Line 24:


== Measurement to Collect ==
== Measurement to Collect ==
We will collect five histograms of data.
We will collect seven histograms of data.
* SSL OK
0 - Certificate was bad
1 - Certificate was good
* SSL/TLS Version
* SSL/TLS Version
  0 - Unknown SSL/TLS Version
  0 - Unknown SSL/TLS Version
Line 35: Line 38:
** If elliptic curve cryptography (ECC) is not enabled at compile time, then the values are stored as index + 256. This leaks some information about a user's build.
** If elliptic curve cryptography (ECC) is not enabled at compile time, then the values are stored as index + 256. This leaks some information about a user's build.
** Retrieving the ciphersuite from the data involves performing a lookup in the table, adjusting for ECC if needed.
** Retrieving the ciphersuite from the data involves performing a lookup in the table, adjusting for ECC if needed.
n - Index into SSL_ImplementedCiphers
* Generic SSL/TLS Certificate Error
* Generic SSL/TLS Certificate Error
** Below values are defined in [http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/public/nsIX509Cert.idl nsIX509Cert.idl]
** Based on errors defined in ]mxr.mozilla.org/mozilla-central/source/security/nss/lib/util/secerr.h secerr.h]
** Mapping of below errors to NSS SEC_* errors can be found in [http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsNSSCertificate.cpp nsNSSCertificate.cpp]
** Value is calculated by subtracting SSL_ERROR_BASE from the errorcode
0 - NOT_VERIFIED_UNKNOWN
  n - SSL errorcode
1 - CERT_REVOKED
2 - CERT_EXPIRED
3 - CERT_NOT_TRUSTED
4 - ISSUER_NOT_TRUSTED
5 - ISSUER_UNKNOWN
6 - INVALID_CA
  7 - USAGE_NOT_ALLOWED
* Detailed SSL/TLS Certificate Error
* Detailed SSL/TLS Certificate Error
** The above generic errors may map to more specific errors
** The above generic errors may map to more specific errors
** More than one of the below errors can occur. The resulting value will be the bitwise-or of the applicable flags
** More than one of the below errors can occur. The resulting value will be the bitwise-or of the applicable flags
*** Self-signed and untrusted can not occur at the same time
** Untrusted Issuer/Domain Mismatch/Invalid Time are defined in [http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/public/nsICertOverrideService.idl nsICertOverrideService.idl]
0 - Certificate Revoked
  1 - Self-signed Certificate
  1 - Self-signed Certificate
  2 - Untrusted Issuer
  2 - Untrusted Issuer
Line 57: Line 55:
  0 - Server doesn't use RSA
  0 - Server doesn't use RSA
  n - # of bits in server modulus
  n - # of bits in server modulus
* SSL/TLS Intolerant site
** Logs connection attempts to sites which do not implement TLS properly
1 - Server is intolerant


= Privacy Considerations =
= Privacy Considerations =

Revision as of 23:11, 8 December 2011


This page documents one type of data collected by telemetry: what is collected, the problem we seek to solve by collecting the data, and how we minimize any risks to users' privacy in deploying the measurement.

Status:

Engineering Contact: David Chan
Product Contact: David Chan
Privacy Contact: Sid Stamm
Document State: [ON TRACK]

Problem Statement

What problem will this solve?

  1. Does a significant percentage of our userbase visit sites with weak encryption e.g. < 512bit RSA, < SSLv3, weak ciphers?
  2. What kind of certificate related errors are our user's encountering?

Measurement to Collect

We will collect seven histograms of data.

  • SSL OK
0 - Certificate was bad
1 - Certificate was good
  • SSL/TLS Version
0 - Unknown SSL/TLS Version
1 - Not Used
2 - SSLv2
3 - SSLv3
4 - SSLv3.1 / TLS 1.0
  • Negotiated Ciphersuite
    • The values are an index mapping to the array SSL_ImplementedCiphers in sslenum.c
    • If elliptic curve cryptography (ECC) is not enabled at compile time, then the values are stored as index + 256. This leaks some information about a user's build.
    • Retrieving the ciphersuite from the data involves performing a lookup in the table, adjusting for ECC if needed.
n - Index into SSL_ImplementedCiphers
  • Generic SSL/TLS Certificate Error
    • Based on errors defined in ]mxr.mozilla.org/mozilla-central/source/security/nss/lib/util/secerr.h secerr.h]
    • Value is calculated by subtracting SSL_ERROR_BASE from the errorcode
n - SSL errorcode
  • Detailed SSL/TLS Certificate Error
    • The above generic errors may map to more specific errors
    • More than one of the below errors can occur. The resulting value will be the bitwise-or of the applicable flags
    • Untrusted Issuer/Domain Mismatch/Invalid Time are defined in nsICertOverrideService.idl
0 - Certificate Revoked
1 - Self-signed Certificate
2 - Untrusted Issuer
4 - Domain Mismatch
8 - Invalid Time (expired / not valid yet)
  • Server RSA Public Key Modulus
0 - Server doesn't use RSA
n - # of bits in server modulus
  • SSL/TLS Intolerant site
    • Logs connection attempts to sites which do not implement TLS properly
1 - Server is intolerant

Privacy Considerations

This section will contain potential privacy risks and measures taken to minimize them. The privacy contact will fill this out.

Consent and Privacy Policy Considerations

This section contains notation of any changes to privacy policies or user opt-in/opt-out consent UX that is updated to include this measurement. The privacy contact will fill this out.

Alignment with Operating Principles

This section briefly describes how the measurement and technique lines up with our operating principles. The privacy contact will fill this out.'

Transparency / No Surprises
-
Real Choice
-
Sensible Defaults
-
Limited Data
-
Retrieved from "https://wiki.allizom.org/index.php?title=Privacy/Reviews/Telemetry/SSL_Certificates_And_Errors&oldid=377213"