Closed Bug 1564179 Opened 5 years ago Closed 5 years ago

Add telemetry for Delegated Credentials

Categories

(Core :: Security: PSM, enhancement, P1)

RESOLVED FIXED
mozilla71
Tracking Status
firefox71 --- fixed

People

(Reporter: jcj, Assigned: kjacobs)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-backlog])

Attachments

(2 files)

When a delegated credential is in use for a pageload or for a transaction, we should accumulate a scalar saying so, indicating the prevalence of usage for those activities.

Priority: -- → P3
Whiteboard: [psm-backlog]

Maybe also a telemetry histogram for TLS connection time when a delegated credential is in use, for a short-ish collection period.

Assignee: nobody → kjacobs.bugzilla
Status: NEW → ASSIGNED
Priority: P3 → P1

We also would want to know about failures for the actual DC experimental addon. I believe that addon can return arbitrary telemetry results, so I don't think that there needs to be anything in this bug for it, but it might be worth confirming.

Kevin / J.C.: can you document all of the telemetry (both in tree and via the add-on) you want to use for the experiment? That can go here or in bug #1574029.

In tree:

scalars.yaml:

  tls_delegated_credentials_for_transaction:
    bug_numbers:
      - 1564179
    description: >-
      Count of how many transactions used delegated credentials (ietf-draft-tls-subcerts)
    expires: "80"
    kind: boolean
    notification_emails:
      - seceng-telemetry@mozilla.com
      - kjacobs@mozilla.com
    release_channel_collection: opt-out
    products:
      - 'firefox'
      - 'fennec'
      - 'geckoview'
    record_in_processes:
      - main

histograms.json:

  "TLS_DELEGATED_CREDENTIALS_TIME_UNTIL_HANDSHAKE_FINISHED_MS": {
    "record_in_processes": ["main"],
    "products": ["firefox", "fennec", "geckoview"],
    "alert_emails": ["seceng-telemetry@mozilla.com", "kjacobs@mozilla.com"],
    "expires_in_version": "80",
    "releaseChannelCollection": "opt-out",
    "kind": "exponential",
    "high": 60000,
    "n_buckets": 200,
    "bug_numbers": [1564179],
    "description": "milliseconds to complete a TLS handshake that used delegated credentials"
  },

In add-on, a scalar:

tls_delegated_credentials_cf_test_result:
   kind: string
   keyed: false
   description: >-
    Results of connecting to Cloudflare's delegated credentials test host. Returns one of the following:
      success:
        Connected successfully using a delegated credential
      timed_out:
        Network timeout
      handshake_not_delegated:
        Connected successfully, but did not negotiate using delegated credential
      certificate_not_delegated:
        Connected successfully, but the certificate did not permit delegated credentials
      dns_failure:
        Failed to connect due to a DNS failure
      network_failure:
        Failed to connect due to a non-timeout, non-dns network error (connection reset, etc)
      insufficient_security:
        Delegated credential used did not provide high enough security
      incorrect_tls_version:
        Connected successfully, but used TLS < 1.3

There will probably be more error cases as we think through them.
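
One way to map a single test connection's outcome onto the result strings listed above, as an added example that is not part of the original comment or the add-on's code. The `obs` field names and the precedence order of the checks are assumptions.

```javascript
// Added example. The `obs` fields are hypothetical inputs an add-on might
// gather for one test connection; they are not a Firefox or NSS API.
const DC_RESULTS = Object.freeze([
  "success", "timed_out", "handshake_not_delegated",
  "certificate_not_delegated", "dns_failure", "network_failure",
  "insufficient_security", "incorrect_tls_version",
]);

function classifyDcTestResult(obs) {
  // Transport-level failures come first: no TLS state exists to inspect.
  if (obs.error === "timeout") return "timed_out";
  if (obs.error === "dns") return "dns_failure";
  if (obs.error) return "network_failure"; // connection reset, etc.
  // The comment lists TLS < 1.3 as its own result, so check the version
  // before asking whether a delegated credential was negotiated.
  if (obs.tlsVersion !== "TLSv1.3") return "incorrect_tls_version";
  // Keep "certificate does not permit delegation" apart from "handshake
  // did not use a delegated credential": they are separate results.
  if (!obs.certPermitsDelegation) return "certificate_not_delegated";
  if (!obs.usedDelegatedCredential) return "handshake_not_delegated";
  if (!obs.dcStrengthOk) return "insufficient_security";
  return "success";
}

// Count results, refusing any string outside the documented set so that a
// value that was never reviewed is not recorded.
function tallyResults(observations) {
  const counts = Object.fromEntries(DC_RESULTS.map((r) => [r, 0]));
  for (const obs of observations) {
    const result = classifyDcTestResult(obs);
    if (!DC_RESULTS.includes(result)) throw new Error(`unreviewed: ${result}`);
    counts[result] += 1;
  }
  return counts;
}

// Constructed sample observations (not real telemetry).
const ok = { tlsVersion: "TLSv1.3", certPermitsDelegation: true,
             usedDelegatedCredential: true, dcStrengthOk: true };
const SAMPLE = [
  ok,
  { error: "dns" },
  { ...ok, certPermitsDelegation: false },
  { ...ok, usedDelegatedCredential: false },
  ok,
];
console.log(tallyResults(SAMPLE));
```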

Depends on: 1582591
Attachment #9093762 - Attachment description: Bug 1564179 - WIP - Add telemetry for delegated credentials → Bug 1564179 - Add telemetry for delegated credentials
Attachment #9097768 - Flags: data-review?(chutten)
Comment on attachment 9097768 [details]
1564179_dc_telemetry_data_review.txt

Load balancing to tdsmith.
Attachment #9097768 - Flags: data-review?(chutten) → data-review?(tdsmith)

Super sorry for the belated response.

> There will probably be more error cases as we think through them.

Just a heads up that collecting additional data will require an additional review.

> In add-on, a scalar:

Is there a repository for the addon? We've typically described the telemetry collected by an addon in documentation in the addon's repository. An example is here, for the DoH experiment: https://github.com/mozilla/doh-rollout/blob/master/docs/telemetry.md

It may be useful to do something similar here, though we can discuss alternatives if that's unworkable.

The collections themselves lgtm.

Flags: needinfo?(kjacobs.bugzilla)

There is no addon yet, but we can certainly follow the DoH example for documenting in-repo once it exists.

Flags: needinfo?(kjacobs.bugzilla)
Comment on attachment 9097768 [details]
1564179_dc_telemetry_data_review.txt

1) Is there or will there be **documentation** that describes the schema for the ultimate data set in a public, complete, and accurate way?

Yes. In-tree probes will be documented in Histograms.json, Scalars.yaml, and visible in the probe dictionary.

Add-on probes will be documented alongside the addon code.

2) Is there a control mechanism that allows the user to turn the data collection on and off?

Yes, the Firefox telemetry opt-out.

3) If the request is for permanent data collection, is there someone who will monitor the data over time?

n/a

4) Using the **[category system of data types](https://wiki.mozilla.org/Firefox/Data_Collection)** on the Mozilla wiki, what collection type of data do the requested measurements fall under?

Category 1, technical data.

5) Is the data collection request for default-on or default-off?

Default-on.

6) Does the instrumentation include the addition of **any *new* identifiers**?

No.

7) Is the data collection covered by the existing Firefox privacy notice? **If unsure: escalate to legal if:**

Yes.

8) Does there need to be a check-in in the future to determine whether to renew the data?

kjacobs et al. are responsible for determining whether to renew the collection before Firefox 80.

9) Does the data collection use a third-party collection tool?

No.
Attachment #9097768 - Flags: data-review?(tdsmith) → data-review+

Thank you!

Keywords: checkin-needed

Pushed by csabou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/668ba95593cf
Add telemetry for delegated credentials r=jcj

Keywords: checkin-needed
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
See Also: → 1594926
See Also: → 1645082