Confirmed users, Administrators
5,526
edits
Security/Features/SSL Error Reporting: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 15: | Line 15: | ||
|Feature users and use cases=A user browses to a secure website, but gets the warning: "This Connection is Untrusted". The user views the technical details and sees that the error is due to an invalid security certificate, so they click on the option to send the error information to Mozilla for analysis. | |Feature users and use cases=A user browses to a secure website, but gets the warning: "This Connection is Untrusted". The user views the technical details and sees that the error is due to an invalid security certificate, so they click on the option to send the error information to Mozilla for analysis. | ||
Another use case will be when [[CA_pinning_functionality | Certificate Pinning]] is available. When the set of keys in the certificate chain do not intersect with the set of keys 'pinned' in the browser, then an alert will be generated and sent to Mozilla to be stored and analyzed. There may be some false alarms, but if a real issue (such as MITM) is identified, the security-group should be alerted for further action. | |||
|Feature dependencies=This feature is not dependent on anything else, but Cert Pinning will need this capability. | |Feature dependencies=This feature is not dependent on anything else, but Cert Pinning will need this capability. | ||
|Feature requirements=The user should opt-in to send the information to Mozilla. | |Feature requirements=The user should opt-in to send the information to Mozilla. | ||
Enough information needs to be sent to Mozilla for us to be able to reproduce or sufficiently analyze the problem. | Enough information needs to be sent to Mozilla for us to be able to reproduce or sufficiently analyze the problem. | ||
|Feature functional spec=Two phases: | |Feature functional spec=Two phases: | ||
# Add interface to "Untrusted Connection" for user to send error report to Mozilla. | # Add interface to "Untrusted Connection" for user to send error report to Mozilla. | ||
| Line 28: | Line 28: | ||
# Possible specific user interface for when a Cert Pinning violation is caught. | # Possible specific user interface for when a Cert Pinning violation is caught. | ||
|Feature implementation plan=# Look into using Bagheera to return the necessary information: | |Feature implementation plan=# Look into using Bagheera to return the necessary information: | ||
* Entire certificate chain as sent by server | #* Entire certificate chain as sent by server | ||
* Domain of bad connection | #* Domain of bad connection | ||
* Error Code | #* Error Code | ||
* User Agent, IP, Timestamp | #* User Agent, IP, Timestamp | ||
# Add user interface for opt-in to send error info to Mozilla. | # Add user interface for opt-in to send error info to Mozilla. | ||
# Add back-end utilities to analyze the data. | # Add back-end utilities to analyze the data. | ||
|Feature security review={{Bug|846502}} | |Feature security review={{Bug|846502}} | ||
|Feature privacy review={{Bug|846506}} | |Feature privacy review={{Bug|846506}} | ||