SecurityEngineering/2014/Q4Goals: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 9: | Line 9: | ||
* {{new|Use LoadInfo to implement MCB for HTTP redirects}} (dri=tanvi) | * {{new|Use LoadInfo to implement MCB for HTTP redirects}} (dri=tanvi) | ||
* {{new|Implement Next Block of CSP Level 2.0 features}} (dri=sstamm,ckerschb) | * {{new|Implement Next Block of CSP Level 2.0 features}} (dri=sstamm,ckerschb) | ||
** ( | ** Work to fix spec to have child-src directive we want | ||
** Implement form-action directive | |||
** Implement referrer directive (depends on {{bug|704320}}) | |||
** Fix frame-ancestors mapping | |||
** Work to fix spec about blob urls | |||
* {{new|Initial Implementation of sub-resource integrity}} ({{bug|992096}}) (dri=francois) | * {{new|Initial Implementation of sub-resource integrity}} ({{bug|992096}}) (dri=francois) | ||
== Tracking Protection == | == Tracking Protection == | ||
Revision as of 18:46, 16 October 2014
This is a heavy-Implement quarter (as opposed to the other strategic actions in our SecurityEngineering/Strategy).
Content Security
- Outcome
- More robust security hooks for better correctness in content security features like CSP, adblock, etc.
- Who
- Tanvi, Christoph, Garrett, Sid, Francois
- [NEW] Add LoadInfo to Gecko-owned JS callers (dri=ckerschb,tanvi)
- [NEW] Use LoadInfo to implement MCB for HTTP redirects (dri=tanvi)
- [NEW] Implement Next Block of CSP Level 2.0 features (dri=sstamm,ckerschb)
- Work to fix spec to have child-src directive we want
- Implement form-action directive
- Implement referrer directive (depends on bug 704320)
- Fix frame-ancestors mapping
- Work to fix spec about blob urls
- [NEW] Initial Implementation of sub-resource integrity (bug 992096) (dri=francois)
Tracking Protection
- Outcome
- Better user control (and site control) over metadata on the wire and collected by third parties.
- Who
- Sid
- [CARRY OVER] Finish <meta> referrer (dri=sid)
Addon Security
Desired Outcome: TBD
Goals:
- TBD (dri=dveditz)
Communications Security
- Outcome
- Fresher/more accurate revocation information and progress towards defeating certificate misissuance and Man-In-The-Middle attacks.
- Who
- Richard, Kathleen, Keeler, Monica, JC, Mark
- [NEW] Add more BR checking (some combination of giving errors during path building, wall of shame, console warnings -- tbd) (dri=dkeeler)
- [NEW] Identify what of Certificate Transparency we must/should deploy (dri=rbarnes)
- [NEW] Complete phase 1 of migration to CA database (dri=kwilson)
- [NEW] [stretch] Import mozilla::pkix to a branch of NSS (dri=jcjones)
- [NEW] [stretch] Add ability to name constrain more root CAs (dri=dkeeler)
- [NEW] [stretch] Add security warnings about SHA-1 to Web Console (dri=mgoodwin)
QE (tracking)
We also track security related QE goals. (section owner=mwobensmith)
- Official list
- (link TBD)
- Tool telemetry of SSL errors/over-rides to watch for outliers, e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=1058812#c42 (dri=matt)
- https://lists.mozilla.org/listinfo/dev-telemetry-alerts
- Setup SSL compatibility testing to be run at the beginning of Beta for each branch. (dri=matt)
- Figure out how to take the cert caching into account when running SSL compatibility tests (dri=matt)