Closed Bug 1435713 Opened 6 years ago Closed 6 years ago

Add CN/hash of EE to Content Signature telemetry probe

Categories: Core :: Security: PSM, enhancement
Type: enhancement; Priority: Not set; Severity: normal
Tracking: RESOLVED FIXED, mozilla60
Tracking Status: firefox60 --- fixed
People: Reporter: jvehent, Assigned: franziskus
Attachments: 2 files, 1 obsolete file

The telemetry data sent by the content signature verification logic should include the common name or hash of the end-entity cert to help detect which application caused the error.
Component: Security → Security: PSM
Attached file data review request (obsolete)
Because this question came up: we collect certificate fingerprints here, but they are not from websites but from our internal PKI and identify the application the signed content is intended for. In particular, this is unrelated to user browsing behaviour.
Attachment #8952803 - Flags: review?(francois)
Comment on attachment 8952803 [details]
data review request

There are two answers to expand on before I can r+ this.

> 1) What questions will you answer with this data?
> 
> It should help diagnose errors we see with rejected content signatures on the server side.

What server-side are you talking about? Is that kinto clients talking to the kinto servers and then rejecting the signature on the kinto payload because it doesn't match the signature?

> 5) List all proposed measurements and indicate the category of data collection for each measurement, using the Firefox [data collection categories](https://wiki.mozilla.org/Firefox/Data_Collection) found on the Mozilla wiki.
> 
> All data collected in this bug is category 1 “Technical data”.

Here you can refer to the description in the telemetry config ("See CONTENT_SIGNATURE_VERIFICATION_ERRORS in Histograms.json") but you do need to mention the data that's being collected, not just the category.

In particular, the comment about these fingerprints coming from our internal PKI should be in there to support the assertion that it's Category 1 and not 3.

In Question 4, you seem to suggest that each application (product feature?) uses a different cert. Does this mean that all you can tell from a cert fingerprint is which Mozilla service was involved when a signature failed? We expect all/most users to use all of these features/products so we can't really tell users apart?
Attachment #8952803 - Flags: review?(francois) → review-
Attached file data review request
Attachment #8952803 - Attachment is obsolete: true
Attachment #8953363 - Flags: review?(francois)
Comment on attachment 8952654 [details]
Bug 1435713 - collect cert fingerprints for failed CS verifications, r?keeler,francois

François Marier [:francois] has approved the revision.

https://phabricator.services.mozilla.com/D623
Attachment #8952654 - Flags: review+
Comment on attachment 8953363 [details]
data review request

Thanks for the clarifications, Franziskus.

1) Is there or will there be **documentation** that describes the schema for the ultimate data set available publicly, complete and accurate?

Yes, in Histograms.json and in the attached data review request.

2) Is there a control mechanism that allows the user to turn the data collection on and off?

Yes, telemetry setting.

3) If the request is for permanent data collection, is there someone who will monitor the data over time?

Yes, Franziskus.

4) Using the **[category system of data types](https://wiki.mozilla.org/Firefox/Data_Collection)** on the Mozilla wiki, what collection type of data do the requested measurements fall under?

Category 1.

5) Is the data collection request for default-on or default-off?

Default on, all channels.

6) Does the instrumentation include the addition of **any *new* identifiers** (whether anonymous or otherwise; e.g., username, random IDs, etc.  See the appendix for more details)?

No.

7) Is the data collection covered by the existing Firefox privacy notice?

Yes.

8) Does there need to be a check-in in the future to determine whether to renew the data? (Yes/No) (If yes, set a todo reminder or file a bug if appropriate)

No, permanent.
Attachment #8953363 - Flags: review?(francois) → review+
Comment on attachment 8952654 [details]
Bug 1435713 - collect cert fingerprints for failed CS verifications, r?keeler,francois

David Keeler [:keeler] (use needinfo) has approved the revision.

https://phabricator.services.mozilla.com/D623
Attachment #8952654 - Flags: review+
Pushed by franziskuskiefer@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/0b7257b46e0f
collect cert fingerprints for failed CS verifications, r=keeler,francois
https://hg.mozilla.org/mozilla-central/rev/0b7257b46e0f
https://hg.mozilla.org/mozilla-central/rev/1b964f109297
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60