Confirm
110
edits
Changes
no edit summary
|Feature open issues and risks=NSS currently doesn't expose information exchanged during the initial client-server handshake. See bugs {{bug|704675}} and {{bug|704584}}
We have decided to collect a smaller subset of the data in the initial feature. The negotiated information may study will be sufficient for our usesupdated when more data is exposed through NSS.
|Feature overview=The goal of this telemetry study is to collect SSL/TLS related data that our users encounter in their daily browsing. This data can be used to decide whether Firefox should support legacy / less secure protocols such as weak keys or SSLv2 .
|Feature users and use cases=The target users are Firefox users.
**Domain mismatch, expired, untrusted issuer, etc
|Feature dependencies=N/A
|Feature requirements=The feature should not introduce additional attack surface for the browser.
|Feature non-goals=The study is not designed to assert anything about the underlying security of the SSL/TLS protocol.
|Feature ux design=The study uses the default Telemetry UI/UX. The only code changes are to add more probes. Histogram names / descriptions may need to be localized.
|Feature implementation plan=* Determine best areas of code to insert Telemetry probes
* Add probes as needed
|Feature security review=Security team has decided that the feature does not require an in-depth review
|Feature privacy review=Review is in progress. Please see [[Privacy/Reviews/Telemetry/SSL_Certificates_And_Errors|review page]]
|Feature qa review=No specific testing is needed for this feature
|Feature operations review=No operations changes need to be performed for this review
|Feature implementation notes=Implementation bug
* {{bug|707275}}
