Confirmed users, Administrators
5,526
edits
Security/Features/SSL Error Reporting: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 14: | Line 14: | ||
|Feature overview=Add a "Report to Mozilla" option to the "Untrusted Connection" error page. {{Bug|846501}} | |Feature overview=Add a "Report to Mozilla" option to the "Untrusted Connection" error page. {{Bug|846501}} | ||
|Feature users and use cases=A user browses to a secure website, but gets the warning: "This Connection is Untrusted". The user views the technical details and sees that the error is due to an invalid security certificate, so they click on the option to send the error information to Mozilla for analysis. | |Feature users and use cases=A user browses to a secure website, but gets the warning: "This Connection is Untrusted". The user views the technical details and sees that the error is due to an invalid security certificate, so they click on the option to send the error information to Mozilla for analysis. | ||
|Feature dependencies=This feature is not dependent on anything else, but Cert Pinning will need this capability. | |Feature dependencies=This feature is not dependent on anything else, but Cert Pinning will need this capability. | ||
|Feature requirements=The user should opt-in to send the information to Mozilla. | |Feature requirements=The user should opt-in to send the information to Mozilla. | ||
Enough information needs to be sent to Mozilla for us to be able to reproduce or sufficiently analyze the problem. | Enough information needs to be sent to Mozilla for us to be able to reproduce or sufficiently analyze the problem. | ||
Another use case will be when [[CA_pinning_functionality | Certificate Pinning]] is available. When the set of keys in the certificate chain do not intersect with the set of keys 'pinned' in the browser, then an alert will be generated and sent to Mozilla to be stored and analyzed. There may be some false alarms, but if a real issue (such as MITM) is identified, the security-group should be alerted for further action. | |||
|Feature functional spec=Two phases: | |Feature functional spec=Two phases: | ||
# Add interface to "Untrusted Connection" for user to send error report to Mozilla. | # Add interface to "Untrusted Connection" for user to send error report to Mozilla. | ||
# Cert Pinning to use this ability to send the information back to Mozilla about certificate pinning violations. | # Cert Pinning to use this ability to send the information back to Mozilla about certificate pinning violations. | ||
|Feature ux design=Update the "Untrusted Connection" error page. | |Feature ux design=Potentially two phases: | ||
|Feature implementation plan= | # Update the "Untrusted Connection" error page to add the option to report the error to Mozilla. | ||
# Possible specific user interface for when a Cert Pinning violation is caught. | |||
|Feature implementation plan=# Look into using Bagheera to return the necessary information: | |||
* Entire certificate chain as sent by server | * Entire certificate chain as sent by server | ||
* Domain of bad connection | * Domain of bad connection | ||
* Error Code | * Error Code | ||
* User Agent, IP, Timestamp | * User Agent, IP, Timestamp | ||
# Add user interface for opt-in to send error info to Mozilla. | |||
# Add back-end utilities to analyze the data. | |||
|Feature security review={{Bug|846502}} | |Feature security review={{Bug|846502}} | ||
|Feature privacy review={{Bug|846506}} | |Feature privacy review={{Bug|846506}} | ||