Add telemetry for measuring the privacy of TLS Handshakes
Categories
(Core :: Security: PSM, enhancement, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox106 | --- | ? |
People
(Reporter: djackson, Assigned: djackson)
References
(Regressed 1 open bug)
Details
Attachments
(4 files)
Recently developed features have the potential to substantially improve the privacy of TLS connections made by Firefox, but only when used in combination. Although we monitor the amount each individual feature is used, we don't know how often they are used together. We should telemetry which checks which privacy features are in use for a particular connection. In particular:
- Was TLS1.3 used? This ensures the TLS server's certificate was encrypted in transit.
- Was DoH used? This ensures the DNS lookup was encrypted in transit.
- Was ECH used? This ensures the SNI was encrypted in transit.
- Were any OCSP revocation checks made? These leak the domain visited to the CA, but have largely been made obsolete by crlite.
This telemetry records a single bit for each of these four fields, for a total of 16 possible values.
Assignee | ||
Comment 1•2 years ago
|
||
Assignee | ||
Comment 2•2 years ago
|
||
Depends on D156105
Assignee | ||
Comment 3•2 years ago
|
||
Depends on D156106
Updated•2 years ago
|
Assignee | ||
Comment 4•2 years ago
|
||
Comment 5•2 years ago
|
||
Comment on attachment 9292826 [details]
data-review-webprivacy.md
DATA COLLECTION REVIEW RESPONSE:
Is there or will there be documentation that describes the schema for the ultimate data set available publicly, complete and accurate?
Yes.
Is there a control mechanism that allows the user to turn the data collection on and off?
Yes. This collection is Telemetry so can be controlled through Firefox's Preferences.
If the request is for permanent data collection, is there someone who will monitor the data over time?
Yes, Dennis Jackson is responsible.
Using the category system of data types on the Mozilla wiki, what collection type of data do the requested measurements fall under?
Category 1, Technical.
Is the data collection request for default-on or default-off?
Default on for all channels.
Does the instrumentation include the addition of any new identifiers?
No.
Is the data collection covered by the existing Firefox privacy notice?
Yes.
Does the data collection use a third-party collection tool?
No.
Result: datareview+
Pushed by djackson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e94a38b79965 Record whether OCSP requests were made whilst making a TLS connection. r=keeler,necko-reviewers. https://hg.mozilla.org/integration/autoland/rev/a3b5d214b5d4 Record whether Private DNS was used for a TLS Connection. r=keeler,necko-reviewers,valentin. https://hg.mozilla.org/integration/autoland/rev/52d5a06be477 Add the telemetry for Web Privacy. r=keeler.
Assignee | ||
Updated•2 years ago
|
Comment 7•2 years ago
|
||
Backed out for causing build bustages.
Backout link: https://hg.mozilla.org/integration/autoland/rev/6f40edcea55e77a0d294c3cfaa94472780eb59b3
Failure log: https://treeherder.mozilla.org/logviewer?job_id=389309764&repo=autoland&lineNumber=70729
Updated•2 years ago
|
Pushed by djackson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4c5124ec3cc5 Record whether OCSP requests were made whilst making a TLS connection. r=keeler,necko-reviewers. https://hg.mozilla.org/integration/autoland/rev/7d9a4776085f Record whether Private DNS was used for a TLS Connection. r=keeler,necko-reviewers,valentin. https://hg.mozilla.org/integration/autoland/rev/19c97e457625 Add the telemetry for Web Privacy. r=keeler.
Assignee | ||
Updated•2 years ago
|
Comment 9•2 years ago
|
||
bugherder |
Updated•2 years ago
|
Description
•