Confirm
110
edits
Changes
no edit summary
**Domain mismatch, expired, untrusted issuer, etc
|Feature dependencies=N/A
|Feature requirements=The feature should not introduce additional attack surface for the browser.# Collect type of SSL/TLS error# Collect information about strength of negotiated channel
|Feature non-goals=The study is not designed to assert anything about the underlying security of the SSL/TLS protocol.
|Feature functional spec=All SSL/TLS certificate related errors will be logged. Certain more specific errors such as domain mismatch, revoked certificate, untrusted issuer, etc will be collected as well. We will also collect the number of OK vs FAIL secure connections. These histograms will used to address requirement 1 (SSL/TLS errors).
We will determine the strength of the negotiated channel by collecting: negotiated ciphersuite, SSL/TLS version, server public key bits, whether the server is TLS intolerant.
|Feature ux design=The study uses the default Telemetry UI/UX. The only code changes are to add more probes. Histogram names / descriptions may need to be localized.
|Feature implementation plan=* Determine best areas of code to insert Telemetry probes
