Security/Features/SSL Error Reporting: Difference between revisions

no edit summary
Line 17: Line 17:
Another use case will be when [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] is available. When the set of keys in the certificate chain do not intersect with the set of keys 'pinned' in the browser, then an alert will be generated and sent to Mozilla to be stored and analyzed. There may be some false alarms, but if a real issue (such as MITM) is identified, the security-group should be alerted for further action.
Another use case will be when [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] is available. When the set of keys in the certificate chain do not intersect with the set of keys 'pinned' in the browser, then an alert will be generated and sent to Mozilla to be stored and analyzed. There may be some false alarms, but if a real issue (such as MITM) is identified, the security-group should be alerted for further action.
|Feature dependencies=Not necessarily a dependency, but need to keep in mind:
|Feature dependencies=Not necessarily a dependency, but need to keep in mind:
* There's an [http://tools.ietf.org/html/draft-ietf-websec-key-pinning-04#section-3 IETF key-pinning draft] in the works that can report pinning errors. See {{Bug|846501#c5}}. If we use a format for the general SSL error reporting that is compatible with the IETF standard for reporting key pinning
* There's an [http://tools.ietf.org/html/draft-ietf-websec-key-pinning-04#section-3 IETF key-pinning draft] in the works that can report pinning errors. See {{Bug|846501#c5}}. If we use a format for the general SSL error reporting that is compatible with the IETF standard for reporting key pinning errors, we may be able to avoid writing that code twice.  
errors, we may be able to avoid writing that code twice.  
* [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] will need this capability.
* [https://wiki.mozilla.org/Security/Features/CA_pinning_functionality Certificate Pinning] will need this capability.
|Feature requirements=The user should opt-in to send the information to Mozilla.
|Feature requirements=The user should opt-in to send the information to Mozilla.
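Review bot: In the first "Feature dependencies" bullet, the new side only joins "key pinning" and "errors, we may be able to avoid writing that code twice." onto one line, yet the joined line still ends in two trailing spaces and the draft link still points at revision -04 over plain http://. Suggest dropping the trailing whitespace and switching the link to https. Since the bullet proposes a report format compatible with the IETF key-pinning draft, it would also help to name which report fields the general SSL error report is meant to share with it, so the compatibility claim can be checked against the opt-in requirement stated just below.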