Privacy/Features/Handshake checkpoint API
Status
| Create API for add-ons and components that provides check-point between TLS/SSL handshake and HTTP request | |
| Stage | On hold |
| Status | In progress |
| Release target | ` |
| Health | OK |
| Status note | ` |
{{#set:Feature name=Create API for add-ons and components that provides check-point between TLS/SSL handshake and HTTP request
|Feature stage=On hold |Feature status=In progress |Feature version=` |Feature health=OK |Feature status note=` }}
Team
| Product manager | Sid Stamm |
| Directly Responsible Individual | Peter Eckersley |
| Lead engineer | Honza Bombas |
| Security lead | ` |
| Privacy lead | Sid Stamm |
| Localization lead | ` |
| Accessibility lead | ` |
| QA lead | ` |
| UX lead | ` |
| Product marketing lead | ` |
| Operations lead | ` |
| Additional members | Brian Smith |
{{#set:Feature product manager=Sid Stamm
|Feature feature manager=Peter Eckersley |Feature lead engineer=Honza Bombas |Feature security lead=` |Feature privacy lead=Sid Stamm |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=` |Feature ux lead=` |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=Brian Smith }}
Open issues/risks
`
Stage 1: Definition
1. Feature overview
Create API for add-ons and components that provides check-point between TLS/SSL handshake and HTTP request, allowing add-ons greater scrutiny of secure connections before they are used. This feature also would expose the controls to add-ons so they can implement an alternate certificate-validation path that's not dependent on our existing PKI and root certificate program.
2. Users & use cases
Convergence: Moxie would really like an API like this for simplifying the Convergence (http://convergence.io) add-on implementation. He had to "jump through some pretty prolific hoops in order to replace the browser's default certificate validation with my own."
3. Dependencies
- bug 644640: Implement extension point for extensions to influence trust decisions in PSM
4. Requirements
`
Non-goals
- This will not replace our existing PKI/CA program
- This is not affecting stuff outside the TLS layer of HTTPS connections.
- This is not adding additional UI over the DV/EV SSL indicators.
Stage 2: Design
5. Functional specification
`
6. User experience design
`
Stage 3: Planning
7. Implementation plan
`
8. Reviews
Security review
`
Privacy review
`
Localization review
`
Accessibility
`
Quality Assurance review
`
Operations review
`
Stage 4: Development
9. Implementation
`
Stage 5: Release
10. Landing criteria
` {{#set:Feature open issues and risks=` |Feature overview=Create API for add-ons and components that provides check-point between TLS/SSL handshake and HTTP request, allowing add-ons greater scrutiny of secure connections before they are used. This feature also would expose the controls to add-ons so they can implement an alternate certificate-validation path that's not dependent on our existing PKI and root certificate program. |Feature users and use cases=Convergence: Moxie would really like an API like this for simplifying the Convergence (http://convergence.io) add-on implementation. He had to "jump through some pretty prolific hoops in order to replace the browser's default certificate validation with my own." |Feature dependencies=* bug 644640: Implement extension point for extensions to influence trust decisions in PSM |Feature requirements=` |Feature non-goals=* This will not replace our existing PKI/CA program
- This is not affecting stuff outside the TLS layer of HTTPS connections.
- This is not adding additional UI over the DV/EV SSL indicators.
|Feature functional spec=` |Feature ux design=` |Feature implementation plan=` |Feature security review=` |Feature privacy review=` |Feature localization review=` |Feature accessibility review=` |Feature qa review=` |Feature operations review=` |Feature implementation notes=` |Feature landing criteria=` }}
Feature details
| Priority | P3 |
| Rank | 999 |
| Theme / Goal | Product Hardening |
| Roadmap | Security |
| Secondary roadmap | ` |
| Feature list | Platform |
| Project | ` |
| Engineering team | Networking |
{{#set:Feature priority=P3
|Feature rank=999 |Feature theme=Product Hardening |Feature roadmap=Security |Feature secondary roadmap=` |Feature list=Platform |Feature project=` |Feature engineering team=Networking }}
Team status notes
| status | notes | |
| Products | ` | ` |
| Engineering | ` | ` |
| Security | ` | ` |
| Privacy | ` | ` |
| Localization | ` | ` |
| Accessibility | ` | ` |
| Quality assurance | ` | ` |
| User experience | ` | ` |
| Product marketing | ` | ` |
| Operations | ` | ` |
{{#set:Feature products status=`
|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=` |Feature security health=` |Feature security notes=` |Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}