Security/Features/TLS Telemetry: Difference between revisions

Security/Features/TLS Telemetry (view source)

Revision as of 19:33, 14 December 2011

1,400 bytes removed , 14 December 2011

no edit summary

Dchan

Confirmed users

110

edits

@@ Line 1: / Line 1: @@
 {{FeatureStatus
 |Feature name=TLS Telemetry
-|Feature stage=Draft
+|Feature stage=Development
 |Feature status=In progress
 |Feature version=Firefox 11
-|Feature health=OK
+|Feature health=At risk
+|Feature status note=Waiting for feature review
 }}
 {{FeatureTeam
@@ Line 18: / Line 19: @@
 The negotiated information may be sufficient for our uses.
 |Feature overview=The goal of this telemetry study is to collect SSL/TLS related data that our users encounter in their daily browsing. This data can be used to decide whether Firefox should support legacy / less secure protocols such as weak keys or SSLv2 .
 |Feature users and use cases=The target users are Firefox users.
@@ Line 28: / Line 29: @@
 **What kind of errors are our users encountering?
 **Domain mismatch, expired, untrusted issuer, etc
+|Feature dependencies=N/A
+|Feature ux design=The study uses the default Telemetry UI/UX. The only code changes are to add more probes. Histogram names / descriptions may need to be localized.
 |Feature privacy review=Review is in progress. Please see [[Privacy/Reviews/Telemetry/SSL_Certificates_And_Errors|review page]]
 |Feature implementation notes=Implementation bug
 * {{bug|707275}}
-Files modified
-* docshell/base/nsDocShell.cpp
-* docshell/base/nsDocShell.h
-* security/manager/ssl/src/nsNSSCallbacks.cpp
-* toolkit/components/telemetry/TelemetryHistograms.h
-Explanation of values collected
+* Data collected is noted on the privacy [[Privacy/Reviews/Telemetry/SSL_Certificates_And_Errors|review page]]
-* SSL/TLS Version
-- Unknown SSL/TLS Version
-- Not Used
-- SSLv2
-- SSLv3
-- SSLv3.1 / TLS 1.0
-* Negotiated Ciphersuite
-** The values are an index mapping to the array SSL_ImplementedCiphers in [http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ssl/sslenum.c sslenum.c]
-** If elliptic curve cryptography (ECC) is not enabled at compile time, then the values are stored as index + 256. This leaks some information about a user's build.
-** Retrieving the ciphersuite from the data involves performing a lookup in the table, adjusting for ECC if needed.
-* Generic SSL/TLS Certificate Error
-** Below values are defined in [http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/public/nsIX509Cert.idl nsIX509Cert.idl]
-** Mapping of below errors to NSS SEC_* errors can be found in [http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsNSSCertificate.cpp nsNSSCertificate.cpp]
-- NOT_VERIFIED_UNKNOWN
-- CERT_REVOKED
-- CERT_EXPIRED
-- CERT_NOT_TRUSTED
-- ISSUER_NOT_TRUSTED
-- ISSUER_UNKNOWN
-- INVALID_CA
-- USAGE_NOT_ALLOWED
-* Detailed SSL/TLS Certificate Error
-** The above generic errors may map to more specific errors
-** More than one of the below errors can occur. The resulting value will be the bitwise-or of the applicable flags
-*** Self-signed and untrusted can not occur at the same time
-- Self-signed Certificate
-- Untrusted Issuer
-- Domain Mismatch
-- Invalid Time (expired / not valid yet)
-* Server RSA Public Key Modulus
-- Server doesn't use RSA
- n - # of bits in server modulus
 }}
 {{FeatureInfo
 |Feature priority=Unprioritized
+|Feature list=Desktop
 |Feature engineering team=Security
 }}

Security/Features/TLS Telemetry: Difference between revisions

Security/Features/TLS Telemetry (view source)

Revision as of 19:33, 14 December 2011

Navigation menu

Search