1915224 - Warn users when SSLKEYLOGGING is active (in site identity/lock icon?)

Status: NEW

(Core :: Security: PSM, enhancement)

Description

[Daniel Veditz [:dveditz]]

There have been several bugs attempting to disable the SSLKEYLOGGING feature out of safety concerns (in NSS itself, in Firefox, in Firefox Release builds at least) but it's a debugging tool that's used often enough that we haven't been able to. Instead, we could treat it like we treat the equally dangerous case when remote automation is enabled and warn the user. Or when we know a MITM ("corporate") root is being used. In the automation case we show a robot head in the addressbar. For sslkeylogging we could similarly decorate the lock icon (or whatever replaces it in the near future) and then give details about the connection in the site identity box.

Users who turned this on themselves wouldn't mind, but the strangeness could help protect unsuspecting users against a local malicious program that enabled it and was consuming the log file to keep tabs on the user.

Another alternative would be some kind of start-up confirm prompt, something like the one people get for a remote debugging connection. But I think that would be rejected by most: Hard to do a modal at start up (so I guess it would be an informative prompt rather than a modal), and it would get in the way of people using logging in conjunction with automated testing or CI.

I think this is "security: psm", but maybe it's "Firefox::Security" these days since they're revamping the site identity box.