Confirmed users
110
edits
Security/Features/TLS Telemetry: Difference between revisions
Jump to navigation
Jump to search
Security/Features/TLS Telemetry (view source)
Revision as of 19:45, 14 December 2011
, 14 December 2011no edit summary
No edit summary |
No edit summary |
||
| Line 18: | Line 18: | ||
|Feature open issues and risks=NSS currently doesn't expose information exchanged during the initial client-server handshake. See bugs {{bug|704675}} and {{bug|704584}} | |Feature open issues and risks=NSS currently doesn't expose information exchanged during the initial client-server handshake. See bugs {{bug|704675}} and {{bug|704584}} | ||
The | We have decided to collect a smaller subset of the data in the initial feature. The study will be updated when more data is exposed through NSS. | ||
|Feature overview=The goal of this telemetry study is to collect SSL/TLS related data that our users encounter in their daily browsing. This data can be used to decide whether Firefox should support legacy / less secure protocols such as weak keys or SSLv2 . | |Feature overview=The goal of this telemetry study is to collect SSL/TLS related data that our users encounter in their daily browsing. This data can be used to decide whether Firefox should support legacy / less secure protocols such as weak keys or SSLv2 . | ||
|Feature users and use cases=The target users are Firefox users. | |Feature users and use cases=The target users are Firefox users. | ||
| Line 30: | Line 30: | ||
**Domain mismatch, expired, untrusted issuer, etc | **Domain mismatch, expired, untrusted issuer, etc | ||
|Feature dependencies=N/A | |Feature dependencies=N/A | ||
|Feature requirements=The feature should not introduce additional attack surface for the browser. | |||
|Feature non-goals=The study is not designed to assert anything about the underlying security of the SSL/TLS protocol. | |||
|Feature ux design=The study uses the default Telemetry UI/UX. The only code changes are to add more probes. Histogram names / descriptions may need to be localized. | |Feature ux design=The study uses the default Telemetry UI/UX. The only code changes are to add more probes. Histogram names / descriptions may need to be localized. | ||
|Feature implementation plan=* Determine best areas of code to insert Telemetry probes | |||
* Add probes as needed | |||
|Feature security review=Security team has decided that the feature does not require an in-depth review | |||
|Feature privacy review=Review is in progress. Please see [[Privacy/Reviews/Telemetry/SSL_Certificates_And_Errors|review page]] | |Feature privacy review=Review is in progress. Please see [[Privacy/Reviews/Telemetry/SSL_Certificates_And_Errors|review page]] | ||
|Feature qa review=No specific testing is needed for this feature | |||
|Feature operations review=No operations changes need to be performed for this review | |||
|Feature implementation notes=Implementation bug | |Feature implementation notes=Implementation bug | ||
* {{bug|707275}} | * {{bug|707275}} | ||