Privacy-Technical Review: Create an SSL Error Reporting Mechanism

RESOLVED INVALID

Status

mozilla.org
Security Assurance: Review Request
5 years ago

People

(Reporter: Kathleen Wilson, Unassigned)

Description

5 years ago
Initial Questions:

Project/Feature Name: Create an SSL Error Reporting Mechanism
Tracking ID: 846489
Description:
The goal of this project is to create a certificate error reporting mechanism that will transmit and store the following information on a Mozilla server, allowing the data to be analyzed both automatically and manually.
- Domain of bad connection
- Error type (e.g. Pinning, domain mismatch, etc.)
- Cert chain (at minimum, same data to distrust each cert in the chain)
- Request data (e.g. User Agent, IP, Timestamp)

Initially this reporting mechanism will be used to report, store, and analyze certificate pinning violations. In the future it could also be used for user-reported certificate errors, and other related concerns.

Certificate pinning is a mechanism by which site owners can specify a set of keys (actually fingerprints of the keys) such that in the next connection to the site, the set of keys in the certificate chain MUST intersect with the set of keys 'pinned' in the browser.
- https://bugzilla.mozilla.org/show_bug.cgi?id=744204
- https://wiki.mozilla.org/Security/Features/CA_pinning_functionality

When the set of keys in the certificate chain does not intersect with the set of keys 'pinned' in the browsers, then an alert will be generated and sent to Mozilla to be stored and analyzed. There may be some false alarms, but if a real issue (such as MITM) is identified, the security-group should be alerted for further action.

This reporting mechanism should be available before Key Pinning is live, which is targeted for May 2013. 
Additional Information:
https://etherpad.mozilla.org/CA-KeyPinningReporting 
Urgency: 2-4 weeks
Key Initiative: Firefox Platform
Release Date: 2013-05-10
Project Status: active
Mozilla Data: Yes
New or Change: New
Mozilla Project: none
Mozilla Related: SSL, security
Separate Party: Yes
Type of Relationship: Other
Data Access: No
Privacy Policy: None -- it may be the case that the user should have to click to allow the data to be sent to Mozilla.
Vendor Cost: N/A
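
The pin check and violation report described in this request, sketched as an added example (not code from the bug or from Firefox). The base64 SHA-256 fingerprint format, the function names and the report field names are assumptions; the sample keys, IP and timestamp are constructed.

```python
import base64
import hashlib

def spki_fingerprint(spki_der: bytes) -> str:
    """Base64 SHA-256 of a DER SubjectPublicKeyInfo (assumed fingerprint format)."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def check_pins(chain_spkis, pinned):
    """Return (ok, chain_fingerprints).

    ok is True when the chain's key set intersects the pinned set, or when
    the site has no pins at all (nothing to enforce).
    """
    chain_fps = [spki_fingerprint(s) for s in chain_spkis]
    if not pinned:
        return True, chain_fps
    return bool(set(chain_fps) & set(pinned)), chain_fps

def build_report(domain, chain_spkis, pinned, user_agent, client_ip, timestamp):
    """Return None when the pins hold, else a report with the fields listed above."""
    ok, chain_fps = check_pins(chain_spkis, pinned)
    if ok:
        return None
    return {
        "domain": domain,                      # domain of bad connection
        "error_type": "pinning",               # error type
        "cert_chain": chain_fps,               # per-cert key fingerprints (assumed form)
        "request": {                           # request data
            "user_agent": user_agent,
            "ip": client_ip,
            "timestamp": timestamp,
        },
    }

# Constructed sample data: stand-in byte strings, not real public keys.
GOOD_CHAIN = [b"leaf-spki", b"intermediate-spki", b"root-spki"]
OTHER_CHAIN = [b"other-leaf-spki", b"other-root-spki"]
PINNED = {spki_fingerprint(b"intermediate-spki")}

if __name__ == "__main__":
    for chain in (GOOD_CHAIN, OTHER_CHAIN):
        print(build_report("example.com", chain, PINNED,
                           "ExampleBrowser/1.0", "192.0.2.10",
                           "2013-05-10T12:00:00Z"))
```

Every field in the report beyond the domain and error type identifies the client or its network path, which is the data the privacy review would need to weigh.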
Privacy technical reviews are now gated on privacy policy reviews (kickoff workflow to be updated). If the policy review sees need for this we can reopen.
I also see no reason to keep this hidden.
Blocks: 846506
No longer blocks: 846501
Group: mozilla-corporation-confidential
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Keywords: privacy-review-needed
Resolution: --- → INVALID