Security/Features/SSL Error Reporting
|SSL Error Reporting|
|Status note||Certificate pinning will use this.|
|Product manager||Kathleen Wilson|
|Directly Responsible Individual||David Keeler|
|Lead engineer||David Keeler|
|Product marketing lead||`|
Stage 1: Definition
1. Feature overview
Add a "Report to Mozilla" option to the "Untrusted Connection" error page. bug 846501
2. Users & use cases
A user browses to a secure website, but gets the warning: "This Connection is Untrusted". If the user has already opted-in to sending telemetry data to Mozilla, then Mozilla telemetry will collect the appropriate information.
Another use case will be when Certificate Pinning is available. When the set of keys in the certificate chain do not intersect with the set of keys 'pinned' in the browser, then an alert will be displayed to the user, and provide a "report to Mozilla" option. The user should be warned that their interaction with the website might be watched, so they should avoid entering personal data, but they should be able to accept the risk and go forward to the site. Note that the reporting mechanism could possibly get blocked by a malicious actor (or for some other reason), and if that happens the user should be notified that the reporting mechanism may be being blocked, and the information should be made available (in a file?) so the user can email or submit the information to us some other way.
Not necessarily a dependency, but need to keep in mind:
- There's an IETF key-pinning draft in the works that can report pinning errors. See bug 846501#c5. If we use a format for the general SSL error reporting that is compatible with the IETF standard for reporting key pinning errors, we may be able to avoid writing that code twice.
- Certificate Pinning will need this capability.
Use telemetry permission settings for non-pinning errors. For Pinning errors, the user should opt-in to send the information to Mozilla. Enough information needs to be sent to Mozilla to reproduce or sufficiently analyze the problem.
Stage 2: Design
5. Functional specification
- Add telemetry collection to the "Untrusted Connection" error, using the regular telemetry permission settings.
- Certificate Pinning will need a way for the user (regardless of if their telemetry permissions are set) to report certificate pinning violations to Mozilla.
6. User experience design
- Collecting telemetry data from the "Untrusted Connection" error page probably does not require any user interface change.
- New user interface for reporting Certificate Pinning violations.
Stage 3: Planning
7. Implementation plan
- Implement the capability to return the necessary information (Look into using Bagheera.)
- Entire certificate chain as sent by server
- Domain of bad connection
- NSS Error Code
- User Agent, IP address, Timestamp
- UX changes for Certificate Pinning error reporting
- Add back-end utilities to analyze the data.
Quality Assurance review
Stage 4: Development
Use Bagheera client. There is Bagheera client support for both desktop (as of Fx21) and Android (Fx23/24), so we should be able to generate a JSON payload and submit it for later analysis.
Stage 5: Release
10. Landing criteria
|Theme / Goal||TLS Hardening|
Team status notes