Security/Features/SSL Error Reporting: Difference between revisions

Jump to navigation Jump to search

Security/Features/SSL Error Reporting (view source)

Revision as of 23:29, 20 May 2013

360 bytes added ,  20 May 2013
no edit summary
No edit summary
No edit summary
Line 16: Line 16:


Another use case will be when [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] is available. When the set of keys in the certificate chain do not intersect with the set of keys 'pinned' in the browser, then an alert will be generated and sent to Mozilla to be stored and analyzed. There may be some false alarms, but if a real issue (such as MITM) is identified, the security-group should be alerted for further action.
Another use case will be when [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] is available. When the set of keys in the certificate chain do not intersect with the set of keys 'pinned' in the browser, then an alert will be generated and sent to Mozilla to be stored and analyzed. There may be some false alarms, but if a real issue (such as MITM) is identified, the security-group should be alerted for further action.
|Feature dependencies=This feature is not dependent on anything else, but Cert Pinning will need this capability.
|Feature dependencies=This feature is not dependent on anything else, but [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] will need this capability.
|Feature requirements=The user should opt-in to send the information to Mozilla.
|Feature requirements=The user should opt-in to send the information to Mozilla.
Enough information needs to be sent to Mozilla for us to be able to reproduce or sufficiently analyze the problem.
Enough information needs to be sent to Mozilla for us to be able to reproduce or sufficiently analyze the problem.
|Feature functional spec=Two phases:
|Feature functional spec=Two phases:
# Add interface to "Untrusted Connection" for user to send error report to Mozilla.
# Add interface to "Untrusted Connection" for user to send error report to Mozilla.
# Cert Pinning to use this ability to send the information back to Mozilla about certificate pinning violations.
# [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] to use this ability to send the information back to Mozilla about certificate pinning violations.
|Feature ux design=Potentially two phases:
|Feature ux design=Potentially two phases:
# Update the "Untrusted Connection" error page to add the option to report the error to Mozilla.
# Update the "Untrusted Connection" error page to add the option to report the error to Mozilla.
# Possible specific user interface for when a Cert Pinning violation is caught.
# Possible separate user interface for when a [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] violation is caught?
|Feature implementation plan=# Look into using Bagheera to return the necessary information:
|Feature implementation plan=# Look into using Bagheera to return the necessary information:
#* Entire certificate chain as sent by server
#* Entire certificate chain as sent by server
Line 32: Line 32:
# Add user interface for opt-in to send error info to Mozilla.
# Add user interface for opt-in to send error info to Mozilla.
# Add back-end utilities to analyze the data.
# Add back-end utilities to analyze the data.
# If needed, additional UX changes for [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning]
|Feature security review={{Bug|846502}}
|Feature security review={{Bug|846502}}
|Feature privacy review={{Bug|846506}}
|Feature privacy review={{Bug|846506}}
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/658477"

Navigation menu