Security/Features/SSL Error Reporting: Difference between revisions
Revision as of 23:46, 20 May 2013
Status
SSL Error Reporting | |
Stage | Design |
Status | In progress |
Release target | ` |
Health | OK |
Status note | Certificate pinning will use this. |
Team
Product manager | Kathleen Wilson |
Directly Responsible Individual | David Keeler |
Lead engineer | David Keeler |
Security lead | ` |
Privacy lead | ` |
Localization lead | ` |
Accessibility lead | ` |
QA lead | ` |
UX lead | ` |
Product marketing lead | ` |
Operations lead | ` |
Additional members | ` |
Open issues/risks
`
Stage 1: Definition
1. Feature overview
Add a "Report to Mozilla" option to the "Untrusted Connection" error page (bug 846501).
2. Users & use cases
A user browses to a secure website, but gets the warning: "This Connection is Untrusted". The user views the technical details and sees that the error is due to an invalid security certificate, so they click on the option to send the error information to Mozilla for analysis.
Another use case will be when Certificate Pinning is available. When the set of keys in the certificate chain sent by the server does not intersect with the set of keys 'pinned' in the browser for that host, an alert will be generated and sent to Mozilla to be stored and analyzed. There may be some false alarms (for example corporate proxies that legitimately re-sign traffic), but if a real issue such as a MITM is identified, the security group should be alerted for further action.
3. Dependencies
This feature is not dependent on anything else, but Certificate Pinning will need this capability.
4. Requirements
The user should opt-in to send the information to Mozilla. Enough information needs to be sent to Mozilla to reproduce or sufficiently analyze the problem.
Non-goals
`
Stage 2: Design
5. Functional specification
Two phases:
- Add interface to "Untrusted Connection" for user to send error report to Mozilla.
- Certificate Pinning to use this ability to send the information back to Mozilla about certificate pinning violations.
6. User experience design
Potentially two phases:
- Update the "Untrusted Connection" error page to add the option to report the error to Mozilla.
- Possible separate user interface for when a Certificate Pinning violation is caught?
Stage 3: Planning
7. Implementation plan
- Look into using Bagheera to submit the necessary information:
  - Entire certificate chain as sent by server
  - Domain of bad connection
  - NSS Error Code
  - User Agent, IP address, Timestamp
- Add user interface for opt-in to send error info to Mozilla.
- Add back-end utilities to analyze the data.
- If needed, additional UX changes for Certificate Pinning
8. Reviews
Security review: bug 846502
Privacy review: bug 846506
Localization review
`
Accessibility
`
Quality Assurance review
`
Operations review: bug 865918
Stage 4: Development
9. Implementation
Use the Bagheera client. There is Bagheera client support for both desktop (as of Fx21) and Android (Fx23/24), so we should be able to generate a JSON payload and submit it for later analysis.
Stage 5: Release
10. Landing criteria
`
Feature details
Priority | P1 |
Rank | 999 |
Theme / Goal | Security Leadership |
Roadmap | Security |
Secondary roadmap | ` |
Feature list | ` |
Project | ` |
Engineering team | Security |
Team status notes
status | notes | |
Products | ` | ` |
Engineering | ` | ` |
Security | ` | ` |
Privacy | ` | ` |
Localization | ` | ` |
Accessibility | ` | ` |
Quality assurance | ` | ` |
User experience | ` | ` |
Product marketing | ` | ` |
Operations | ` | ` |