Details

• Location: MTV-3A All Your Base ( was Fail, but Failed )
• Vidyo: remoties use Sid's vidyo room
• Start time: roughly ~8:45 PDT
• Etherpad: https://etherpad.mozilla.org/network-security-meetup

Agenda and Notes

Introduction

09:00 - Gerv says hi

Kathleen Wilson is the person the person to ask on the CA program in mozilla: How many Certs/orgs, policies, etc.

Doug: Can we disable OCSP now on mobile (android, firefox os).

Doug: we need captive portal

Gerv: things thak make me happy: HSTS, keypinning, cert telemetry, ct, dane, ponies& rainbows. OCSP for EV not for DV? Why not?

• We should have a way to do revo checking before OCSP -> For CA we already do Chemspill.

10:00

DANE?

• I think we all agree it's not the right way forward
• And slow

OCSP

• right now we're saying "OCSP sucks" but not helping improve it
• should we support OCSP GET so CDNs can be used and so we can cache responses?
  • Patch in progress: https://bugzilla.mozilla.org/show_bug.cgi?id=436414 -- Gerv
• Must staple: http://tools.ietf.org/html/draft-hallambaker-muststaple-00

Why are we doing TOR related stuff

Stamm

work closer with the Tor project to port in some of their patches so that they can focus on tor and FF can be extended to help them.

CCH Next Steps...

No change. No Policy. Sit tight for now.

11:15

HTTP decrypting proxies

• do we want to create a TLS MITM proxy protocol that allows decryption and inspection without requiring addition of a new trust anchor?
  • Would be client- (and server-?) authorized

11:30

understand brian's ciphersuite ordering proposal and impacts

• https://briansmith.org/browser-ciphersuites-01.html
• Offer set of ciphersuites that is consistent with other browsers
• _more_ emphasis on ephemeral key exchange
• _more_ emphasis on performance (speed)
• devd is studying cipher suite change impacts (e.g., avoiding RC4, etc)

12:05

Devtools discussion

• FireShark? WireFox? Do we want TLS inspection info in our dev tools?

Brainstorming:

• https://ssllabs.com
• Give advice
  • Make it easier to find cipher suite and TLS version used
  • Exposing the ephemeral key exchange master secret through devtools for wiresharking. https://developer.mozilla.org/en-US/docs/NSS_Key_Log_Format
    • A tool that can generate our recommended OpenSSL cipher suite configuration strings (as used in Apache and other software) (ssllabs)
  • Warnings about TLS version intolerance fallback (ssllabs)
  • Warnings about lack of TLS 1.2/3 support (ssllabs)
    • warning about giant cert sizes (ssllabs can do this)
      • • Highlight unncessary / wasteful bits of certificates in cert UI and show amount of wasted space. (e.g. Verisign/Symmantec puts their LOGO as a PNG in every cert.) (ssllabs)
      • Warn about too-long certificate chains (ssllabs)
  • Warnings about server choice of deprecated ciphersuites (ssllabs)
  • Warnings about lack of HSTS / key pinning / must staple (ssllabs)
  • Warnings about lack of CT proof in certificate / OCSP response (ssllabs)
  • Warnings about missing revocation information (ssllabs)
  • TLS record size information (ssllabs)
  • Detect vulnerable OpenSSL (etc.) versions through fingerprinting (ssllabs)
  • Make it easier to reset cached SSL state / connections
  • link to https://ssllabs.com report and be done with things?
    • Warnings about badly/wrongly/incompletely constructed certificate chain with a "give me the fixed certificate chain" button that allows them to save the corrected chain. (ssllabs)
  • Scan server for cipher suite support (ssllabs)

12:30

LUNCH BREAK

14:00

Goals discussion

• compared/discussed Q3 goals
• SecEng will connect their goals to the platform goals page in Q4 2013

14:40

WiFi Captive Portal detection (562917)

• Firefox team is pretty motivated to make this happen
• Detecting redirects is the first step

15:00

NSPR/NSS branch model stuff

15:40

HTTP/2 IETF stuff

• Should TLS be mandatory for HTTP/2? <- sure.
  • Should it mandate ciphersuites?
    • Brian: perhaps requiring a minimum bar like TLS 1.1, but maybe this spec isn't the right place to document best ciphersuites.
• We should make a point to develop a plan in Q4 on how to move this forward (together as SecEng and Network)

16:20 Pinning

• Main concern: it's fragile; sites can break.
• Chrome has had Pinning since 2011. Where are we with our pinning?
  • Requires insanity

Statistics

• can we do anything around key pinning other than opt-in? Even just for reporting suspected mitm? -- dougt/mcmanus has one dumb idea.
  • What if we just report violations or even cert change info and mine that data? (Obvious privacy issues)
  • https://bugzilla.mozilla.org/show_bug.cgi?id=846506

Action items:

• 2-second Timeout [camillo - bug 918120]
• disable insecure fallback to SSL 3 [briansmith]
• Captive portal stuff [dougt will find owner] 562917 (lco has done some UI designs, MattN + filipe have thought about this)
• Circulate proposal for cert change system [dougt]
• talk to dcamp about TLS-related dev tools [sid]
• find owner for meta/a referrer stuff [sid - bug 704320]

---

FUTURE Agenda:

• Areas of company focus
• Mozilla-defined NSS future work
• NSPR/NSS Branch Model at Mozilla (false start 713933?)
• Proper Security Reviews
• Cha-Cha evaluation
• Various TLS specifics
• client hello issues - npn/alpn. alpn profiles
• TLS 1.[12'3']
• handshake/IW fit
• Channel ID

CA Policy:

• Why are there so many CA in Firefox?

Future protocol stuff (?):

• Minimum security profile for http/2
• TLS for http:// scheme
• CarpeNet
• state of windows integrated auth

How we can work better together (everyone)