Security/Features/SSL Error Reporting

From MozillaWiki
Jump to: navigation, search
Please use "Edit with form" above to edit this page.

Status

SSL Error Reporting
Stage Design
Status In progress
Release target `
Health OK
Status note Certificate pinning will use this.

Team

Product manager Kathleen Wilson
Directly Responsible Individual David Keeler
Lead engineer David Keeler
Security lead `
Privacy lead `
Localization lead `
Accessibility lead `
QA lead `
UX lead `
Product marketing lead `
Operations lead `
Additional members `

Open issues/risks

`

Stage 1: Definition

1. Feature overview

Add a "Report to Mozilla" option to the "Untrusted Connection" error page. bug 846501

2. Users & use cases

A user browses to a secure website, but gets the warning: "This Connection is Untrusted". If the user has already opted-in to sending telemetry data to Mozilla, then Mozilla telemetry will collect the appropriate information.

Another use case will be when Certificate Pinning is available. When the set of keys in the certificate chain do not intersect with the set of keys 'pinned' in the browser, then an alert will be displayed to the user, and provide a "report to Mozilla" option. The user should be warned that their interaction with the website might be watched, so they should avoid entering personal data, but they should be able to accept the risk and go forward to the site. Note that the reporting mechanism could possibly get blocked by a malicious actor (or for some other reason), and if that happens the user should be notified that the reporting mechanism may be being blocked, and the information should be made available (in a file?) so the user can email or submit the information to us some other way.

3. Dependencies

Not necessarily a dependency, but need to keep in mind:

  • There's an IETF key-pinning draft in the works that can report pinning errors. See bug 846501#c5. If we use a format for the general SSL error reporting that is compatible with the IETF standard for reporting key pinning errors, we may be able to avoid writing that code twice.
  • Certificate Pinning will need this capability.

4. Requirements

Use telemetry permission settings for non-pinning errors. For Pinning errors, the user should opt-in to send the information to Mozilla. Enough information needs to be sent to Mozilla to reproduce or sufficiently analyze the problem.

Non-goals

`

Stage 2: Design

5. Functional specification

Two parts:

  1. Add telemetry collection to the "Untrusted Connection" error, using the regular telemetry permission settings.
  2. Certificate Pinning will need a way for the user (regardless of if their telemetry permissions are set) to report certificate pinning violations to Mozilla.

6. User experience design

Two parts:

  1. Collecting telemetry data from the "Untrusted Connection" error page probably does not require any user interface change.
  2. New user interface for reporting Certificate Pinning violations.

Stage 3: Planning

7. Implementation plan

  1. Implement the capability to return the necessary information (Look into using Bagheera.)
    • Entire certificate chain as sent by server
    • Domain of bad connection
    • NSS Error Code
    • User Agent, IP address, Timestamp
  2. UX changes for Certificate Pinning error reporting
  3. Add back-end utilities to analyze the data.

8. Reviews

Security review

bug 846502

Privacy review

bug 846506

Localization review

`

Accessibility

`

Quality Assurance review

`

Operations review

bug 865918

Stage 4: Development

9. Implementation

Use Bagheera client. There is Bagheera client support for both desktop (as of Fx21) and Android (Fx23/24), so we should be able to generate a JSON payload and submit it for later analysis.

Stage 5: Release

10. Landing criteria

`


Feature details

Priority P1
Rank 999
Theme / Goal TLS Hardening
Roadmap Security
Secondary roadmap `
Feature list `
Project `
Engineering team Security

Team status notes

  status notes
Products ` `
Engineering ` `
Security ` `
Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `