MozillaWiki

SecurityEngineering/2014/Q1Goals

< SecurityEngineering
Revision as of 20:18, 13 December 2013 by Sidstamm (talk | contribs)
Draft-template-image.png THIS PAGE IS A WORKING DRAFT Pencil-emoji U270F-gray.png
The page may be difficult to navigate, and some information on its subject might be incomplete and/or evolving rapidly.
If you have any questions or ideas, please add them as a new topic on the discussion page.

This is a heavy-Implement quarter (as opposed to the other strategic actions in our SecurityEngineering/Strategy).

(Also linked from Platform/2014-Q1-Goals#Security_.26_Privacy)

Tracking Protection

  • Outcome: Users can import a list of content to block.
  • Who: mmc, grobinson
    • (mmc) Extend nsChannelClassifier to block network loads from tracking domains based on a remote list.

Security Feature Compatibility and Performance

  • Outcome: improve app loading time on B2G and page load times on desktop
  • Who: ckerschb, grobinson, sid
    • (ckerschb) CSP rewrite in C++ (perf for B2G and all platforms)
    • (grobinson) deprecation plan for old parser

Cert Revocation

  • Outcome: measure feasibility of pinning mozilla properties
  • Who: briansmith, cviecco
    • (briansmith) root name constraints
    • (briansmith) Land insanity
    • (cviecco) Land key pinning + pin telemetry
    • BONUS: (keeler) land cert error reporting ("report this to Mozilla") + collection infrastructure

Sandboxing

  • Outcome: tighter sandbox, removes more access from child process
  • Who: kang, bbondy, ckerschb
    • (kang) nail down path to remoting file access (so we can remove OPEN syscall from sandbox)
    • (bbondy) and equivalent file access control for windows.
Retrieved from "https://wiki.mozilla.org/index.php?title=SecurityEngineering/2014/Q1Goals&oldid=789663"