Privacy/Features/Handshake checkpoint API
|Create API for add-ons and components that provides check-point between TLS/SSL handshake and HTTP request|
|Product manager||Sid Stamm|
|Directly Responsible Individual||Peter Eckersley|
|Lead engineer||Honza Bombas|
|Privacy lead||Sid Stamm|
|Product marketing lead||`|
|Additional members||Brian Smith|
Stage 1: Definition
1. Feature overview
Create API for add-ons and components that provides check-point between TLS/SSL handshake and HTTP request, allowing add-ons greater scrutiny of secure connections before they are used. This feature also would expose the controls to add-ons so they can implement an alternate certificate-validation path that's not dependent on our existing PKI and root certificate program.
2. Users & use cases
Convergence: Moxie would really like an API like this for simplifying the Convergence (http://convergence.io) add-on implementation. He had to "jump through some pretty prolific hoops in order to replace the browser's default certificate validation with my own."
- bug 644640: Implement extension point for extensions to influence trust decisions in PSM
- This will not replace our existing PKI/CA program
- This is not affecting stuff outside the TLS layer of HTTPS connections.
- This is not adding additional UI over the DV/EV SSL indicators.
Stage 2: Design
5. Functional specification
6. User experience design
Stage 3: Planning
7. Implementation plan
Quality Assurance review
Stage 4: Development
Stage 5: Release
10. Landing criteria
|Theme / Goal||Product Hardening|
Team status notes