Security/Features/TLS Telemetry
Status
| TLS Telemetry | |
| Stage | Draft |
| Status | In progress |
| Release target | Firefox 11 |
| Health | OK |
| Status note | ` |
Team
| Product manager | David Chan |
| Directly Responsible Individual | David Chan |
| Lead engineer | David Chan |
| Security lead | David Chan |
| Privacy lead | Sid Stamm |
| Localization lead | ` |
| Accessibility lead | ` |
| QA lead | ` |
| UX lead | ` |
| Product marketing lead | ` |
| Operations lead | ` |
| Additional members | Brandon Sterne |
Open issues/risks
NSS currently doesn't expose information exchanged during the initial client-server handshake. See bug 704675 and bug 704584.
The negotiated information may be sufficient for our uses.
Stage 1: Definition
1. Feature overview
The goal of this telemetry study is to collect SSL/TLS-related data that our users encounter in their daily browsing. This data can be used to decide whether Firefox should continue to support legacy or less secure options such as weak keys or SSLv2.
2. Users & use cases
The target users are Firefox users.
Use Cases
- Collect cipher suites exchanged during handshake and negotiated cipher
- Collect TLS/SSL version
- Collect certificate key strength (bits)
- Collect TLS/SSL certificate related errors
  - What kind of errors are our users encountering?
    - Domain mismatch, expired, untrusted issuer, etc.
3. Dependencies
`
4. Requirements
`
Non-goals
`
Stage 2: Design
5. Functional specification
`
6. User experience design
`
Stage 3: Planning
7. Implementation plan
`
8. Reviews
Security review
`
Privacy review
Review is in progress. Please see review page
Localization review
`
Accessibility
`
Quality Assurance review
`
Operations review
`
Stage 4: Development
9. Implementation
Implementation bug
Files modified
- docshell/base/nsDocShell.cpp
- docshell/base/nsDocShell.h
- security/manager/ssl/src/nsNSSCallbacks.cpp
- toolkit/components/telemetry/TelemetryHistograms.h
Explanation of values collected
- SSL/TLS Version
  - 0 - Unknown SSL/TLS Version
  - 1 - Not Used
  - 2 - SSLv2
  - 3 - SSLv3
  - 4 - SSLv3.1 / TLS 1.0
- Negotiated Ciphersuite
  - The values are an index mapping to the array SSL_ImplementedCiphers in sslenum.c
  - If elliptic curve cryptography (ECC) is not enabled at compile time, then the values are stored as index + 256. This leaks some information about a user's build.
  - Retrieving the ciphersuite from the data involves performing a lookup in the table, adjusting for ECC if needed.
- Generic SSL/TLS Certificate Error
  - Below values are defined in nsIX509Cert.idl
  - Mapping of below errors to NSS SEC_* errors can be found in nsNSSCertificate.cpp
  - 0 - NOT_VERIFIED_UNKNOWN
  - 1 - CERT_REVOKED
  - 2 - CERT_EXPIRED
  - 3 - CERT_NOT_TRUSTED
  - 4 - ISSUER_NOT_TRUSTED
  - 5 - ISSUER_UNKNOWN
  - 6 - INVALID_CA
  - 7 - USAGE_NOT_ALLOWED
- Detailed SSL/TLS Certificate Error
  - The above generic errors may map to more specific errors
  - More than one of the below errors can occur. The resulting value will be the bitwise-or of the applicable flags
  - Self-signed and untrusted can not occur at the same time
  - 1 - Self-signed Certificate
  - 2 - Untrusted Issuer
  - 4 - Domain Mismatch
  - 8 - Invalid Time (expired / not valid yet)
- Server RSA Public Key Modulus
  - 0 - Server doesn't use RSA
  - n - # of bits in server modulus
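The following decoder for the values listed above is an added example, not code from the Firefox tree. It assumes the analyst supplies the contents of SSL_ImplementedCiphers for builds with and without ECC; the function names and the two sample tables are hypothetical placeholders.

```python
# Added example: decode the histogram values listed above.
VERSIONS = ["Unknown SSL/TLS Version", "Not Used", "SSLv2", "SSLv3",
            "SSLv3.1 / TLS 1.0"]
GENERIC_ERRORS = ["NOT_VERIFIED_UNKNOWN", "CERT_REVOKED", "CERT_EXPIRED",
                  "CERT_NOT_TRUSTED", "ISSUER_NOT_TRUSTED", "ISSUER_UNKNOWN",
                  "INVALID_CA", "USAGE_NOT_ALLOWED"]
DETAIL_FLAGS = {1: "Self-signed Certificate", 2: "Untrusted Issuer",
                4: "Domain Mismatch", 8: "Invalid Time"}
ECC_OFFSET = 256  # added to the index by builds compiled without ECC


def decode_enum(value, names):
    """Map a version or generic-error value to its name."""
    if not 0 <= value < len(names):
        raise ValueError(f"value {value} out of range")
    return names[value]


def decode_ciphersuite(value, ecc_table, no_ecc_table):
    """Return (ecc_enabled, index, suite) for a reported ciphersuite value.

    Assumption: the caller supplies the contents of SSL_ImplementedCiphers
    as compiled with and without ECC; they are not reproduced here.
    """
    ecc_enabled = value < ECC_OFFSET
    index = value if ecc_enabled else value - ECC_OFFSET
    table = ecc_table if ecc_enabled else no_ecc_table
    if not 0 <= index < len(table):
        raise ValueError(f"index {index} outside the cipher table")
    return ecc_enabled, index, table[index]


def decode_detailed_error(value):
    """Split the bitwise-or value into flag names, rejecting invalid sets."""
    if value & ~sum(DETAIL_FLAGS):
        raise ValueError(f"unknown bits set in {value}")
    if value & 1 and value & 2:
        raise ValueError("self-signed and untrusted issuer are exclusive")
    return [name for bit, name in DETAIL_FLAGS.items() if value & bit]


# Constructed sample tables (placeholders, not real NSS contents).
ECC_TABLE = ["SUITE_A", "SUITE_ECC_B", "SUITE_C"]
NO_ECC_TABLE = ["SUITE_A", "SUITE_C"]

if __name__ == "__main__":
    print(decode_enum(4, VERSIONS))
    print(decode_ciphersuite(257, ECC_TABLE, NO_ECC_TABLE))
    print(decode_detailed_error(12))
```

A reported value of 256 or more identifies a build compiled without ECC, which is the build information leak noted above.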
Stage 5: Release
10. Landing criteria
`
Feature details
| Priority | Unprioritized |
| Rank | 999 |
| Theme / Goal | ` |
| Roadmap | ` |
| Secondary roadmap | ` |
| Feature list | ` |
| Project | ` |
| Engineering team | Security |
Team status notes
| | status | notes |
| Products | ` | ` |
| Engineering | ` | ` |
| Security | sec-review-unnecessary | ` |
| Privacy | ` | ` |
| Localization | ` | ` |
| Accessibility | ` | ` |
| Quality assurance | ` | ` |
| User experience | ` | ` |
| Product marketing | ` | ` |
| Operations | ` | ` |