Security/Features/Identify which bits are unencrypted: Difference between revisions
No edit summary |
No edit summary |
||
| Line 18: | Line 18: | ||
|Feature priority=P2 | |Feature priority=P2 | ||
|Feature theme=Secure Network Connections | |Feature theme=Secure Network Connections | ||
|Feature roadmap= | |Feature roadmap=Security | ||
|Feature list=Desktop | |Feature list=Desktop | ||
}} | }} | ||
{{FeatureTeamStatus}} | {{FeatureTeamStatus}} | ||
Revision as of 16:18, 5 April 2012
Status
| Help users understand which bits are unencrypted | |
| Stage | Draft |
| Status | ` |
| Release target | ` |
| Health | OK |
| Status note | ` |
{{#set:Feature name=Help users understand which bits are unencrypted
|Feature stage=Draft |Feature status=` |Feature version=` |Feature health=OK |Feature status note=` }}
Team
| Product manager | Sid Stamm |
| Directly Responsible Individual | ` |
| Lead engineer | Tanvi Vyas |
| Security lead | ` |
| Privacy lead | ` |
| Localization lead | ` |
| Accessibility lead | ` |
| QA lead | ` |
| UX lead | ` |
| Product marketing lead | ` |
| Operations lead | ` |
| Additional members | ` |
{{#set:Feature product manager=Sid Stamm
|Feature feature manager=` |Feature lead engineer=Tanvi Vyas |Feature security lead=` |Feature privacy lead=` |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=` |Feature ux lead=` |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=` }}
Open issues/risks
`
Stage 1: Definition
1. Feature overview
Highlight passwords and other sensitive data that is not transmitted over ssl. For the first stage, we will focus on type=password
2. Users & use cases
- A user is asked to login on an http page. The login form submits to an http destination. Users password is sent in cleartext.
- A user is asked to login on an https page. The login form submits to an http destination. Users password is sent in cleartext.
- A user is asked to login on an http page. The login form submits to an https destination. An attacker can mitm the first request to the login page and replace the form with one that submits the password to the attackers webpage instead.
3. Dependencies
`
4. Requirements
When type=password, outline the password box in red. Also add a note to the user that occurs onfocus so they know why the form is outlined in red (perhaps utilizing Constraint Validation)
Non-goals
`
Stage 2: Design
5. Functional specification
`
6. User experience design
`
Stage 3: Planning
7. Implementation plan
`
8. Reviews
Security review
`
Privacy review
`
Localization review
`
Accessibility
`
Quality Assurance review
`
Operations review
`
Stage 4: Development
9. Implementation
`
Stage 5: Release
10. Landing criteria
` {{#set:Feature open issues and risks=` |Feature overview=Highlight passwords and other sensitive data that is not transmitted over ssl. For the first stage, we will focus on type=password |Feature users and use cases=* A user is asked to login on an http page. The login form submits to an http destination. Users password is sent in cleartext.
- A user is asked to login on an https page. The login form submits to an http destination. Users password is sent in cleartext.
- A user is asked to login on an http page. The login form submits to an https destination. An attacker can mitm the first request to the login page and replace the form with one that submits the password to the attackers webpage instead.
|Feature dependencies=` |Feature requirements=When type=password, outline the password box in red. Also add a note to the user that occurs onfocus so they know why the form is outlined in red (perhaps utilizing Constraint Validation) |Feature non-goals=` |Feature functional spec=` |Feature ux design=` |Feature implementation plan=` |Feature security review=` |Feature privacy review=` |Feature localization review=` |Feature accessibility review=` |Feature qa review=` |Feature operations review=` |Feature implementation notes=` |Feature landing criteria=` }}
Feature details
| Priority | P2 |
| Rank | 999 |
| Theme / Goal | Secure Network Connections |
| Roadmap | Security |
| Secondary roadmap | ` |
| Feature list | Desktop |
| Project | ` |
| Engineering team | ` |
{{#set:Feature priority=P2
|Feature rank=999 |Feature theme=Secure Network Connections |Feature roadmap=Security |Feature secondary roadmap=` |Feature list=Desktop |Feature project=` |Feature engineering team=` }}
Team status notes
| status | notes | |
| Products | ` | ` |
| Engineering | ` | ` |
| Security | ` | ` |
| Privacy | ` | ` |
| Localization | ` | ` |
| Accessibility | ` | ` |
| Quality assurance | ` | ` |
| User experience | ` | ` |
| Product marketing | ` | ` |
| Operations | ` | ` |
{{#set:Feature products status=`
|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=` |Feature security health=` |Feature security notes=` |Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}