Confirmed users, Administrators
5,526
edits
Security/Features/SSL Error Reporting: Difference between revisions
Jump to navigation
Jump to search
Security/Features/SSL Error Reporting (view source)
Revision as of 16:43, 9 September 2013
, 9 September 2013no edit summary
No edit summary |
No edit summary |
||
| Line 13: | Line 13: | ||
{{FeaturePageBody | {{FeaturePageBody | ||
|Feature overview=Add a "Report to Mozilla" option to the "Untrusted Connection" error page. {{Bug|846501}} | |Feature overview=Add a "Report to Mozilla" option to the "Untrusted Connection" error page. {{Bug|846501}} | ||
|Feature users and use cases=A user browses to a secure website, but gets the warning: "This Connection is Untrusted". | |Feature users and use cases=A user browses to a secure website, but gets the warning: "This Connection is Untrusted". If the user has already opted-in to sending telemetry data to Mozilla, then Mozilla telemetry with collect the appropriate information. | ||
Another use case will be when [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] is available. When the set of keys in the certificate chain do not intersect with the set of keys 'pinned' in the browser, then an alert will be | Another use case will be when [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] is available. When the set of keys in the certificate chain do not intersect with the set of keys 'pinned' in the browser, then an alert will be displayed to the user, and provide a "report to Mozilla" option. The user should be warned that their interaction with the website might be watched, so they should avoid entering personal data, but they should be able to accept the risk and go forward to the site. Note that the reporting mechanism could possibly get blocked by a malicious actor (or for some other reason), and if that happens the user should be notified that the reporting mechanism may be being blocked, and the information should be made available (in a file?) so the user can email or submit the information to us some other way. | ||
|Feature dependencies=Not necessarily a dependency, but need to keep in mind: | |Feature dependencies=Not necessarily a dependency, but need to keep in mind: | ||
* There's an [http://tools.ietf.org/html/draft-ietf-websec-key-pinning-04#section-3 IETF key-pinning draft] in the works that can report pinning errors. See {{Bug|846501#c5}}. If we use a format for the general SSL error reporting that is compatible with the IETF standard for reporting key pinning errors, we may be able to avoid writing that code twice. | * There's an [http://tools.ietf.org/html/draft-ietf-websec-key-pinning-04#section-3 IETF key-pinning draft] in the works that can report pinning errors. See {{Bug|846501#c5}}. If we use a format for the general SSL error reporting that is compatible with the IETF standard for reporting key pinning errors, we may be able to avoid writing that code twice. | ||
* [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] will need this capability. | * [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] will need this capability. | ||
|Feature requirements= | |Feature requirements=Use telemetry permission settings for non-pinning errors. For Pinning errors, the user should opt-in to send the information to Mozilla. | ||
Enough information needs to be sent to Mozilla to reproduce or sufficiently analyze the problem. | Enough information needs to be sent to Mozilla to reproduce or sufficiently analyze the problem. | ||
|Feature functional spec=Two | |Feature functional spec=Two parts: | ||
# Add | # Add telemetry collection to the "Untrusted Connection" error, using the regular telemetry permission settings. | ||
# [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] | # [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] will need a way for the user (regardless of if their telemetry permissions are set) to report certificate pinning violations to Mozilla. | ||
|Feature ux design= | |Feature ux design=Two parts: | ||
# | # Collecting telemetry data from the "Untrusted Connection" error page probably does not require any user interface change. | ||
# | # New user interface for reporting [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] violations. | ||
|Feature implementation plan=# Implement the capability to return the necessary information (Look into using Bagheera.) | |Feature implementation plan=# Implement the capability to return the necessary information (Look into using Bagheera.) | ||
#* Entire certificate chain as sent by server | #* Entire certificate chain as sent by server | ||
| Line 32: | Line 32: | ||
#* NSS Error Code | #* NSS Error Code | ||
#* User Agent, IP address, Timestamp | #* User Agent, IP address, Timestamp | ||
# | # UX changes for [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] error reporting | ||
# Add back-end utilities to analyze the data. | # Add back-end utilities to analyze the data. | ||
|Feature security review={{Bug|846502}} | |Feature security review={{Bug|846502}} | ||
|Feature privacy review={{Bug|846506}} | |Feature privacy review={{Bug|846506}} | ||