MozillaWiki

Security/Features/SSL Error Reporting: Difference between revisions

Page Discussion

Security/Features/SSL Error Reporting (view source)

Revision as of 16:52, 9 September 2013

1,163 bytes added ,  9 September 2013
no edit summary
No edit summary
No edit summary
 
(9 intermediate revisions by 2 users not shown)
Line 13: Line 13:
{{FeaturePageBody
{{FeaturePageBody
|Feature overview=Add a "Report to Mozilla" option to the "Untrusted Connection" error page. {{Bug|846501}}
|Feature overview=Add a "Report to Mozilla" option to the "Untrusted Connection" error page. {{Bug|846501}}
|Feature users and use cases=A user browses to a secure website, but gets the warning: "This Connection is Untrusted". The user views the technical details and sees that the error is due to an invalid security certificate, so they click on the option to send the error information to Mozilla for analysis.
|Feature users and use cases=A user browses to a secure website, but gets the warning: "This Connection is Untrusted". If the user has already opted-in to sending telemetry data to Mozilla, then Mozilla telemetry will collect the appropriate information.


Another use case will be when [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] is available. When the set of keys in the certificate chain do not intersect with the set of keys 'pinned' in the browser, then an alert will be generated and sent to Mozilla to be stored and analyzed. There may be some false alarms, but if a real issue (such as MITM) is identified, the security-group should be alerted for further action.
Another use case will be when [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] is available. When the set of keys in the certificate chain do not intersect with the set of keys 'pinned' in the browser, then an alert will be displayed to the user, and provide a "report to Mozilla" option. The user should be warned that their interaction with the website might be watched, so they should avoid entering personal data, but they should be able to accept the risk and go forward to the site. Note that the reporting mechanism could possibly get blocked by a malicious actor (or for some other reason), and if that happens the user should be notified that the reporting mechanism may be being blocked, and the information should be made available (in a file?) so the user can email or submit the information to us some other way.
|Feature dependencies=This feature is not dependent on anything else, but Cert Pinning will need this capability.
|Feature dependencies=Not necessarily a dependency, but need to keep in mind:
|Feature requirements=The user should opt-in to send the information to Mozilla.
* There's an [http://tools.ietf.org/html/draft-ietf-websec-key-pinning-04#section-3 IETF key-pinning draft] in the works that can report pinning errors. See {{Bug|846501#c5}}. If we use a format for the general SSL error reporting that is compatible with the IETF standard for reporting key pinning errors, we may be able to avoid writing that code twice.
Enough information needs to be sent to Mozilla for us to be able to reproduce or sufficiently analyze the problem.
* [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] will need this capability.
|Feature functional spec=Two phases:
|Feature requirements=Use telemetry permission settings for non-pinning errors. For Pinning errors, the user should opt-in to send the information to Mozilla.
# Add interface to "Untrusted Connection" for user to send error report to Mozilla.
Enough information needs to be sent to Mozilla to reproduce or sufficiently analyze the problem.
# Cert Pinning to use this ability to send the information back to Mozilla about certificate pinning violations.
|Feature functional spec=Two parts:
|Feature ux design=Potentially two phases:
# Add telemetry collection to the "Untrusted Connection" error, using the regular telemetry permission settings.
# Update the "Untrusted Connection" error page to add the option to report the error to Mozilla.
# [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] will need a way for the user (regardless of if their telemetry permissions are set) to report certificate pinning violations to Mozilla.
# Possible specific user interface for when a Cert Pinning violation is caught.
|Feature ux design=Two parts:
|Feature implementation plan=# Look into using Bagheera to return the necessary information:
# Collecting telemetry data from the "Untrusted Connection" error page probably does not require any user interface change.
# New user interface for reporting [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] violations.
|Feature implementation plan=# Implement the capability to return the necessary information (Look into using Bagheera.)
#* Entire certificate chain as sent by server
#* Entire certificate chain as sent by server
#* Domain of bad connection
#* Domain of bad connection
#* Error Code  
#* NSS Error Code  
#* User Agent, IP, Timestamp
#* User Agent, IP address, Timestamp
# Add user interface for opt-in to send error info to Mozilla.
# UX changes for [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] error reporting
# Add back-end utilities to analyze the data.
# Add back-end utilities to analyze the data.
|Feature security review={{Bug|846502}}
|Feature security review={{Bug|846502}}
Line 39: Line 41:
{{FeatureInfo
{{FeatureInfo
|Feature priority=P1
|Feature priority=P1
|Feature theme=Security Leadership
|Feature theme=TLS Hardening
|Feature roadmap=Security
|Feature roadmap=Security
|Feature engineering team=Security
|Feature engineering team=Security
}}
}}
{{FeatureTeamStatus}}
{{FeatureTeamStatus}}
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/658476...705052"