Privacy/Reviews/Telemetry/SSL Certificates And Errors

From MozillaWiki
Jump to: navigation, search

This page documents one type of data collected by telemetry: what is collected, the problem we seek to solve by collecting the data, and how we minimize any risks to users' privacy in deploying the measurement.


Engineering Contact: David Chan
Product Contact: David Chan
Privacy Contact: Sid Stamm
Document State: [ON TRACK]

Problem Statement

What problem will this solve?

  1. Does a significant percentage of our userbase visit sites with weak encryption e.g. < 512bit RSA, < SSLv3, weak ciphers?
  2. What kind of certificate related errors are our user's encountering?

Measurement to Collect

See bug 707275

We will collect five categories of data in nine histograms

  • SSL/TLS Version
0 - Unknown SSL/TLS Version
1 - Not Used
2 - SSLv2
3 - SSLv3
4 - SSLv3.1 / TLS 1.0
  • Negotiated Ciphersuite
    • All implemented ciphersuites will be collected, though partitioned into different histograms
      • These are SSLv3+ ciphersuites that are less than 0x0100
      • These are SSLv2 / informational ciphersuites that which start with either 0xFE or 0xFF
      • These are ECC ciphers that start with 0xC0
    • Converting from a bucket to ciphersuite involves taking the bitwise-or of the high-bit for histogram and the bucket.
      • There are no collisions in the CIPHERSUITE_OTHER case for now.
n - Index into ciphersuite partition
  • Error
      • Errors of the form SSL_ERROR_x defined in sslerr.h
      • error base = (-0x3000)
      • Errors of the form SEC_ERROR_x defined in secerr.h
      • error base = (-0x2000)
      • Errors of the form PR_x defined in prerr.h
      • error base = (-6000L)
n - ErrorCode adjusted by appropriate error base
  • Server RSA Public Key Modulus
0 - Server doesn't use RSA
n - # of bits in server modulus
  • SSL/TLS Intolerant site
    • Logs connection attempts to sites which do not implement TLS properly
1 - Server is intolerant

Privacy Considerations

This section will contain potential privacy risks and measures taken to minimize them. The privacy contact will fill this out.

Consent and Privacy Policy Considerations

This section contains notation of any changes to privacy policies or user opt-in/opt-out consent UX that is updated to include this measurement. The privacy contact will fill this out.

Alignment with Operating Principles

This section briefly describes how the measurement and technique lines up with our operating principles. The privacy contact will fill this out.'

Transparency / No Surprises 
Real Choice 
Sensible Defaults 
Limited Data