Bug 1266571 - Add telemetry to measure incidence of non-TLS use of HTTP AUTH
Status: Closed, RESOLVED FIXED (opened 9 years ago, closed 9 years ago)
Product / Component: Core :: General, defect
Target milestone: mozilla49
Tracking: firefox49 fixed
People: Reporter: abr, Assigned: abr
Attachments: 1 file, 3 obsolete files
  4.72 KB patch, abr: review+
The idea has been floated that we may wish to start taking some action
regarding the use of HTTP auth -- and basic auth in particular -- over
non-TLS connections. Options discussed so far include alerting the user
of the nature of the connection, and blocking basic auth over unencrypted
connections altogether.
This measurement is intended to collect data around the incidence of
the use of basic auth (versus digest and ntlm auth) and its relative
frequency over secure versus insecure connections. This measurement is
intended to inform the conversation around how we treat unencrypted
http auth in the future.
Comment 1 (assignee) • 9 years ago
Updated • 9 years ago
Attachment #8744067 - Flags: review?(mcmanus)
Updated • 9 years ago
Attachment #8744067 - Flags: feedback?(benjamin)
Comment 2 (assignee) • 9 years ago
And, for Ben's benefit:
> What are the questions that these probes are designed to address? Is this the minimum amount of data necessary to answer those questions?
See comment 0.
> Who is responsible for monitoring the data? How often will they do it? Do the necessary monitoring dashboards already exist or who is going to create them?
Richard Barnes will monitor the data, using the existing telemetry dashboard.
> What's the user value?
Ultimately, this data will let us make informed decisions that may make users more secure. It may also prevent us from making decisions that will inconvenience large quantities of users.
Comment 3 • 9 years ago
Comment on attachment 8744067 [details] [diff] [review]
Add telemetry to measure digest auth over non-TLS
Review of attachment 8744067 [details] [diff] [review]:
-----------------------------------------------------------------
This is more in honza's wheelhouse, so I'm going to have him do the review.. but I've got a few thoughts
1] I expect you'll find digest is basically unused
2] ntlm negotiation is often only present on the first mumble-N transactions for a connection so comparing the raw numbers of ntlm vs other won't be especially helpful (but http vs https for it would be)
3] I'm not sure if negotiate is lumped in with ntlm here or not
4] while data is cool, I'm probably not ok with breaking legacy use cases.. my general pov is the legacy web is allowed to creep along, let's put all the new web in https only. Basic Auth is legacy web.
Attachment #8744067 - Flags: review?(mcmanus) → review?(honzab.moz)
Comment 4 • 9 years ago
Comment on attachment 8744067 [details] [diff] [review]
Add telemetry to measure digest auth over non-TLS
I doubt that "never" is a good choice here. Please make this expire in 6 months. But I'd also encourage you to go ahead and measure on the release population for 6 months: we know that usage varies widely from beta to release, especially across enterprise and in more varied countries/languages.
Please also specify the metric in the form of a statement: "Recorded once for each HTTP 401 response. The value records the type of authentication and the TLS-enabled status. 0=basic/clear [etc...]"
And that bug# isn't right. Did you mean to use 1266571 instead of 38437?
Attachment #8744067 - Flags: feedback?(benjamin) → feedback-
Comment 5 (assignee) • 9 years ago
Updated (assignee) • 9 years ago
Attachment #8744067 - Attachment is obsolete: true
Attachment #8744067 - Flags: review?(honzab.moz)
Comment 6 (assignee) • 9 years ago
Comment on attachment 8745453 [details] [diff] [review]
Add telemetry to measure incidence of non-TLS use of HTTP AUTH
Addressed Ben's feedback. (FWIW, the previous bug number was a placeholder, inserted because my workflow involves using "hg bzexport" to create a bug from a patch, and I didn't have the bug number ahead of time).
Attachment #8745453 - Flags: review?(honzab.moz)
Attachment #8745453 - Flags: feedback?(benjamin)
Comment 7 • 9 years ago
Comment on attachment 8745453 [details] [diff] [review]
Add telemetry to measure incidence of non-TLS use of HTTP AUTH
data-review=me
Attachment #8745453 - Flags: feedback?(benjamin) → feedback+
Comment 8 • 9 years ago
Comment on attachment 8745453 [details] [diff] [review]
Add telemetry to measure incidence of non-TLS use of HTTP AUTH
Review of attachment 8745453 [details] [diff] [review]:
-----------------------------------------------------------------
Should we also recognize local networks from internet?
::: netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@@ +773,5 @@
>
> + // Collect statistics on how frequently the various types of HTTP
> + // authentication are used over SSL and non-SSL connections.
> + if (gHttpHandler->IsTelemetryEnabled()) {
> + if (!PL_strcasecmp(authType, "basic")) {
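Review bot: the `!PL_strcasecmp(authType, "basic")` test is only correct because PL_strcasecmp returns 0 on a match; if this line is rewritten to a boolean comparison such as NS_LITERAL_CSTRING("basic").LowerCaseEqualsASCII(authType), the leading `!` must be dropped, otherwise every scheme except basic would be accumulated into the basic buckets. A one-line comment that the comparison is deliberately case-insensitive (auth-scheme tokens are case-insensitive) would also help the next reader.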
please use NS_LITERAL_CSTRING("basic").LowerCaseEqualsASCII(authType)
@@ +779,5 @@
> + UsingSSL() ? HTTP_AUTH_BASIC_SECURE : HTTP_AUTH_BASIC_INSECURE);
> + } else if (!PL_strcasecmp(authType, "digest")) {
> + Telemetry::Accumulate(Telemetry::HTTP_AUTH_TYPE_STATS,
> + UsingSSL() ? HTTP_AUTH_DIGEST_SECURE : HTTP_AUTH_DIGEST_INSECURE);
> + } else if (!PL_strcasecmp(authType, "ntlm")) {
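Review bot: the else-if chain handles only basic, digest and ntlm, so any other scheme (Negotiate, or any custom scheme) is silently not accumulated at all, which leaves the secure/insecure totals incomplete and makes Negotiate indistinguishable from "nothing seen". Suggest a final `else` that records an explicit other-secure/other-insecure pair (and a separate Negotiate pair if that distinction matters) so the histogram covers every challenge the channel actually processed.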
and what about Negotiate?
Attachment #8745453 - Flags: review?(honzab.moz) → feedback-
Comment 9 (assignee) • 9 years ago
Updated (assignee) • 9 years ago
Attachment #8745453 - Attachment is obsolete: true
Comment 10 (assignee) • 9 years ago
Comment on attachment 8746715 [details] [diff] [review]
Add telemetry to measure incidence of non-TLS use of HTTP AUTH
(In reply to Honza Bambas (:mayhemer) from comment #8)
> Should we also recognize local networks from internet?
That's not part of what Richard has expressed interest in measuring, and it would require a substantially larger patch to accomplish. I'd like to go ahead and get this lightweight measurement in place rather than expanding scope at this time.
Attachment #8746715 - Flags: review?(honzab.moz)
Comment 11 • 9 years ago
Comment on attachment 8746715 [details] [diff] [review]
Add telemetry to measure incidence of non-TLS use of HTTP AUTH
Review of attachment 8746715 [details] [diff] [review]:
-----------------------------------------------------------------
So, if you don't care about local nets (which I think you should anyway, but whatever you wish) you may at least want to recognize or better simply ignore proxy authentication that is usually going to be local only anyway and should not interfere with end-server authentication probes.
Up to you, tho.
::: netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@@ +775,5 @@
>
> + // Collect statistics on how frequently the various types of HTTP
> + // authentication are used over SSL and non-SSL connections.
> + if (gHttpHandler->IsTelemetryEnabled()) {
> + if (!NS_LITERAL_CSTRING("basic").LowerCaseEqualsASCII(authType)) {
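Review bot: the condition is inverted: LowerCaseEqualsASCII returns true on a match, so `!NS_LITERAL_CSTRING("basic").LowerCaseEqualsASCII(authType)` is true for every scheme except basic; the basic buckets would count all non-basic challenges while real basic challenges are never recorded there. Drop the negation: `if (NS_LITERAL_CSTRING("basic").LowerCaseEqualsASCII(authType)) {`.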
remove the !
Attachment #8746715 - Flags: review?(honzab.moz) → review+
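As an added example (not Firefox code and not the patch under review), here is how the scheme-by-transport bucketing discussed in comments 3, 8 and 11 can be done in standalone C++: it extracts the case-insensitive scheme token from each challenge, splits header values that carry several challenges (e.g. `Negotiate, NTLM`) without tripping over the commas inside Digest parameters, gives Negotiate and unknown schemes their own buckets instead of dropping them, and skips proxy (407) challenges as comment 11 suggests. The bucket names, the `Observation` struct and the sample challenges are assumptions constructed for this example.

```cpp
// Added example, not Firefox code: bucket HTTP auth challenges by scheme and
// transport security the way a telemetry probe like the one in this bug would.
// Bucket names, the Observation struct and the sample data are assumptions.
#include <cctype>
#include <map>
#include <string>
#include <vector>

enum AuthBucket {
  HTTP_AUTH_BASIC_INSECURE = 0,     HTTP_AUTH_BASIC_SECURE = 1,
  HTTP_AUTH_DIGEST_INSECURE = 2,    HTTP_AUTH_DIGEST_SECURE = 3,
  HTTP_AUTH_NTLM_INSECURE = 4,      HTTP_AUTH_NTLM_SECURE = 5,
  HTTP_AUTH_NEGOTIATE_INSECURE = 6, HTTP_AUTH_NEGOTIATE_SECURE = 7,
  HTTP_AUTH_OTHER_INSECURE = 8,     HTTP_AUTH_OTHER_SECURE = 9
};

static std::string toLower(std::string s) {
  for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
  return s;
}

// A WWW-Authenticate value may carry several comma-separated challenges
// ("Negotiate, NTLM, Basic realm=\"x\"") while Digest parameters are also
// comma-separated. A segment whose first token has no '=' starts a new
// challenge; any other segment is a parameter of the current one. Commas
// inside quoted strings are not separators.
std::vector<std::string> splitChallenges(const std::string& header) {
  std::vector<std::string> segments;
  std::string cur;
  bool inQuote = false;
  for (char c : header) {
    if (c == '"') inQuote = !inQuote;
    if (c == ',' && !inQuote) { segments.push_back(cur); cur.clear(); }
    else cur += c;
  }
  segments.push_back(cur);

  std::vector<std::string> challenges;
  for (const std::string& raw : segments) {
    size_t b = raw.find_first_not_of(" \t");
    if (b == std::string::npos) continue;
    size_t e = raw.find_last_not_of(" \t");
    std::string seg = raw.substr(b, e - b + 1);
    std::string first = seg.substr(0, seg.find_first_of(" \t"));
    if (challenges.empty() || first.find('=') == std::string::npos) challenges.push_back(seg);
    else challenges.back() += ", " + seg;
  }
  return challenges;
}

// The auth-scheme is the first token of a challenge and is case-insensitive
// (RFC 7235 section 2.1), so normalise it to lower case before comparing.
std::string schemeOf(const std::string& challenge) {
  size_t b = challenge.find_first_not_of(" \t");
  if (b == std::string::npos) return "";
  size_t e = challenge.find_first_of(" \t", b);
  return toLower(challenge.substr(b, e == std::string::npos ? std::string::npos : e - b));
}

// Unknown schemes get an explicit "other" bucket instead of being dropped, so
// the secure/insecure totals cover every challenge that was actually seen.
int authBucket(const std::string& scheme, bool usingTLS) {
  int base = HTTP_AUTH_OTHER_INSECURE;
  if (scheme == "basic") base = HTTP_AUTH_BASIC_INSECURE;
  else if (scheme == "digest") base = HTTP_AUTH_DIGEST_INSECURE;
  else if (scheme == "ntlm") base = HTTP_AUTH_NTLM_INSECURE;
  else if (scheme == "negotiate") base = HTTP_AUTH_NEGOTIATE_INSECURE;
  return base + (usingTLS ? 1 : 0);
}

// One 401/407 response as the probe would see it (assumed shape).
struct Observation { std::string header; bool usingTLS; bool proxyAuth; };

// Proxy (407) challenges are skipped: they are usually local-network traffic
// and would otherwise blur the picture for end-server authentication.
void accumulate(std::map<int, int>& histogram, const Observation& o) {
  if (o.proxyAuth) return;
  for (const std::string& c : splitChallenges(o.header))
    histogram[authBucket(schemeOf(c), o.usingTLS)] += 1;
}

// Constructed sample traffic, not measured data.
std::map<int, int> sampleHistogram() {
  const std::vector<Observation> samples = {
    {"Basic realm=\"router\"", false, false},
    {"basic realm=\"camera\"", false, false},
    {"Basic realm=\"api\"", true, false},
    {"Digest realm=\"x\", qop=\"auth\", nonce=\"a, b\"", true, false},
    {"Negotiate, NTLM", false, false},
    {"Bearer realm=\"api\"", true, false},
    {"Basic realm=\"proxy\"", false, true}   // 407 from a proxy: ignored
  };
  std::map<int, int> histogram;
  for (const Observation& o : samples) accumulate(histogram, o);
  return histogram;
}
```

Two points worth noting in the design: the probe counts challenges rather than connections, so as comment 3 observes, a multi-round NTLM or Negotiate exchange contributes several entries per connection and raw scheme totals are not comparable across schemes, only the secure/insecure ratio within a scheme is; and the "other" bucket keeps the denominator honest, because a server that only offers a scheme the probe does not name would otherwise vanish from the data entirely.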
Comment 12 (assignee) • 9 years ago
Comment 13 (assignee) • 9 years ago
Comment on attachment 8747484 [details] [diff] [review]
Add telemetry to measure incidence of non-TLS use of HTTP AUTH
Carrying forward mayhemer's r+
Attachment #8747484 - Flags: review+
Updated (assignee) • 9 years ago
Attachment #8746715 - Attachment is obsolete: true
Comment 15 • 9 years ago
Keywords: checkin-needed
Comment 16 (bugherder) • 9 years ago
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox49: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49