Privacy/Features/HttpsGoogleSearch
Status
| HTTPS (SSL) Google Search | |
| Stage | Complete |
| Status | In progress |
| Release target | Firefox 14 |
| Health | OK |
| Status note | ` |
{{#set:Feature name=HTTPS (SSL) Google Search
|Feature stage=Complete |Feature status=In progress |Feature version=Firefox 14 |Feature health=OK |Feature status note=` }}
Team
| Product manager | Sid Stamm |
| Directly Responsible Individual | Sid Stamm |
| Lead engineer | Sid Stamm |
| Security lead | Curtis Koenig |
| Privacy lead | Sid Stamm |
| Localization lead | ` |
| Accessibility lead | ` |
| QA lead | ` |
| UX lead | ` |
| Product marketing lead | ` |
| Operations lead | ` |
| Additional members | ` |
{{#set:Feature product manager=Sid Stamm
|Feature feature manager=Sid Stamm |Feature lead engineer=Sid Stamm |Feature security lead=Curtis Koenig |Feature privacy lead=Sid Stamm |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=` |Feature ux lead=` |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=` }}
Open issues/risks
- Responsiveness: HTTPS connections have a longer handshake time than HTTP connections. If we deploy Open Search right, we can cut a redirect out of the search submission process which will counteract any handshake-caused slowdown.
- Availability: HTTPS is potentially not available to all locales for Google search.
Stage 1: Definition
1. Feature overview
Update Google search in Firefox, Fennec and B2G (search box, location bar, context-menu, about:home) to use encrypted (SSL) search by default.
2. Users & use cases
This feature increases secrecy of the search queries submitted by users (by hiding them from network eavesdroppers).
3. Dependencies
`
4. Requirements
- Must be reasonably responsive/fast (users must not notice a meaningful difference)
- Search suggestions must also be transmitted via HTTPS
- Service availability must be on par with today's HTTP search
Non-goals
- This will not update other search engines to be HTTPS
- This will not change how users are presented search interfaces
Stage 2: Design
5. Functional specification
Google searches from the context menu, awesomebar, and search box will all go to HTTPS URLs. Search suggestions will also go to HTTPS endpoints.
6. User experience design
No change in UX.
Stage 3: Planning
7. Implementation plan
Land on nightly, then update other Google search plugins (other locales, etc) to use HTTPS as well.
8. Reviews
Security review
`
Privacy review
`
Localization review
`
Accessibility
`
Quality Assurance review
`
Operations review
`
Stage 4: Development
9. Implementation
see bug 633773
Stage 5: Release
10. Landing criteria
- Google servers ready for traffic
- Test implementation is acceptably responsive
{{#set:Feature open issues and risks=* Responsiveness: HTTPS connections have a longer handshake time than HTTP connections. If we deploy Open Search right, we can cut a redirect out of the search submission process which will counteract any handshake-caused slowdown.
- Availability: HTTPS is potentially not available to all locales for Google search.
|Feature overview=Update Google search in Firefox, Fennec and B2G (search box, location bar, context-menu, about:home) to use encrypted (SSL) search by default. |Feature users and use cases=This feature increases secrecy of the search queries submitted by users (by hiding them from network eavesdroppers). |Feature dependencies=` |Feature requirements=* Must be reasonably responsive/fast (users must not notice a meaningful difference)
- Search suggestions must also be transmitted via HTTPS
- Service availability must be on par with today's HTTP search
|Feature non-goals=* This will not update other search engines to be HTTPS
- This will not change how users are presented search interfaces
|Feature functional spec=Google searches from the context menu, awesomebar, and search box will all go to HTTPS URLs. Search suggestions will also go to HTTPS endpoints. |Feature ux design=No change in UX. |Feature implementation plan=Land on nightly, then update other Google search plugins (other locales, etc) to use HTTPS as well. |Feature security review=` |Feature privacy review=` |Feature localization review=` |Feature accessibility review=` |Feature qa review=` |Feature operations review=` |Feature implementation notes=see bug 633773 |Feature landing criteria=* Google servers ready for traffic
- Test implementation is acceptably responsive
}}
Feature details
| Priority | P1 |
| Rank | 1 |
| Theme / Goal | HTTPS By Default |
| Roadmap | Security |
| Secondary roadmap | Platform |
| Feature list | ` |
| Project | ` |
| Engineering team | Privacy |
{{#set:Feature priority=P1
|Feature rank=1 |Feature theme=HTTPS By Default |Feature roadmap=Security |Feature secondary roadmap=Platform |Feature list=` |Feature project=` |Feature engineering team=Privacy }}
Team status notes
| status | notes | |
| Products | ` | ` |
| Engineering | ` | ` |
| Security | sec-review-unnecessary | ` |
| Privacy | ` | ` |
| Localization | ` | ` |
| Accessibility | ` | ` |
| Quality assurance | ` | ` |
| User experience | ` | ` |
| Product marketing | ` | ` |
| Operations | ` | ` |
{{#set:Feature products status=`
|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=sec-review-unnecessary |Feature security health=OK |Feature security notes=` |Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}