SecurityEngineering/2014/Q1Goals: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
No edit summary |
||
| Line 6: | Line 6: | ||
(Also linked from [[Platform/2014-Q1-Goals#Security_.26_Privacy]]) | (Also linked from [[Platform/2014-Q1-Goals#Security_.26_Privacy]]) | ||
==Tracking Protection== | ===Tracking Protection=== | ||
* Outcome: Users can import a list of content to block. | * Outcome: Users can import a list of content to block. | ||
* Who: mmc, grobinson | * Who: mmc, grobinson | ||
** (mmc) Extend nsChannelClassifier to block network loads from tracking domains based on a remote list. | ** (mmc) Extend nsChannelClassifier to block network loads from tracking domains based on a remote list. | ||
==Security Feature Compatibility and Performance== | ===Security Feature Compatibility and Performance=== | ||
* Outcome: improve app loading time on B2G and page load times on desktop | * Outcome: improve app loading time on B2G and page load times on desktop | ||
* Who: ckerschb, grobinson, sid | * Who: ckerschb, grobinson, sid | ||
| Line 17: | Line 17: | ||
** (grobinson) deprecation plan for old parser | ** (grobinson) deprecation plan for old parser | ||
==Cert Revocation== | ===Cert Revocation=== | ||
* Outcome: measure feasibility of pinning mozilla properties | * Outcome: measure feasibility of pinning mozilla properties | ||
* Who: briansmith, cviecco | * Who: briansmith, cviecco | ||
| Line 25: | Line 25: | ||
** BONUS: (keeler) land cert error reporting ("report this to Mozilla") + collection infrastructure | ** BONUS: (keeler) land cert error reporting ("report this to Mozilla") + collection infrastructure | ||
==Sandboxing== | ===Sandboxing=== | ||
* Outcome: tighter sandbox, removes more access from child process | * Outcome: tighter sandbox, removes more access from child process | ||
* Who: kang, bbondy, ckerschb | * Who: kang, bbondy, ckerschb | ||
** (kang) nail down path to remoting file access (so we can remove OPEN syscall from sandbox) | ** (kang) nail down path to remoting file access (so we can remove OPEN syscall from sandbox) | ||
** (bbondy) and equivalent file access control for windows. | ** (bbondy) and equivalent file access control for windows. | ||
Revision as of 20:23, 13 December 2013
|
THIS PAGE IS A WORKING DRAFT | 
|
| The page may be difficult to navigate, and some information on its subject might be incomplete and/or evolving rapidly. If you have any questions or ideas, please add them as a new topic on the discussion page. |
This is a heavy-Implement quarter (as opposed to the other strategic actions in our SecurityEngineering/Strategy).
(Also linked from Platform/2014-Q1-Goals#Security_.26_Privacy)
Tracking Protection
- Outcome: Users can import a list of content to block.
- Who: mmc, grobinson
- (mmc) Extend nsChannelClassifier to block network loads from tracking domains based on a remote list.
Security Feature Compatibility and Performance
- Outcome: improve app loading time on B2G and page load times on desktop
- Who: ckerschb, grobinson, sid
- (ckerschb) CSP rewrite in C++ (perf for B2G and all platforms)
- (grobinson) deprecation plan for old parser
Cert Revocation
- Outcome: measure feasibility of pinning mozilla properties
- Who: briansmith, cviecco
- (briansmith) root name constraints
- (briansmith) Land insanity
- (cviecco) Land key pinning + pin telemetry
- BONUS: (keeler) land cert error reporting ("report this to Mozilla") + collection infrastructure
Sandboxing
- Outcome: tighter sandbox, removes more access from child process
- Who: kang, bbondy, ckerschb
- (kang) nail down path to remoting file access (so we can remove OPEN syscall from sandbox)
- (bbondy) and equivalent file access control for windows.