Closed Bug 846502 Opened 7 years ago Closed 5 years ago
Security Review: Create an SSL Error Reporting Mechanism
this will likely triage on 2013.03.13
Whiteboard: [triage needed]
aim to complete this in Q2
Assignee: nobody → mgoodwin
Whiteboard: [triage needed] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd]
Kathleen; are you available at any time this week to talk me through this? I'm in the UK but I'm flexible (to a point) on meeting times. Thanks
Hi Mark, We're just getting started on this. I'll schedule a chat with you when we have more info. Thanks, Kathleen
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][Fx]
(In reply to Kathleen Wilson from comment #4) > We're just getting started on this. I'll schedule a chat with you when we > have more info. Do we have more info yet, Kathleen?
We've discussed with privacy folks (bug #846506#c6) and have requested UX wireframes for the CA Pinning error reporting. For general SSL error gathering, we're planning to just tie into the already existing telemetry interface and permissions. When a user browses to a secure website, but gets the warning: "This Connection is Untrusted". If the user has already opted-in to sending telemetry data to Mozilla, then Mozilla telemetry will collect the appropriate information. We will need additional user interface for reporting errors about Key Pinning (https://wiki.mozilla.org/Security/Features/CA_pinning_functionality), because we want to collect this information from all users, regardless of what their telemetry permissions are. When Firefox runs into a pin violation error, the displayed error should have the "Report this to Mozilla" button. If the user selects to report the problem to Mozilla and the reporting fails, Firefox should warn the user that the reporting mechanism may be being blocked, and make the information available to the user so they can email or submit the information to us some other way.
Is there any software to review yet?
The feature seems to have landed, is there anything left to do here?
I don't think so, no.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.