RFE: Possibility for grading quality of TLS connection #9
Comments
|
This is a pretty big undertaking, and might be better as a separate project. I would say about 80% or so of what SSLeuth looks at is possible with the new API. Is it still relevant when services like SSL Labs will provide a much more in-depth analysis? |
|
My main use case for SSLeuth was to quickly see if a connection was not the best. I just cannot and do not scan each site I visit with SSLLabs.
|
|
As for a replacement given WebExtensions contrainst I guess a colored grading in the icon and/or badge would be good, combined with a popup menu, as it is really not needed to open the whole new tag page for it. |
|
hey @april I would like to contribute on this one being an outreachy aspirant. Can you please suggest me which code to touch? |
|
I don't think this would be a particularly good task for an outreachy aspirant, especially given that I don't even know how I would grade connections at this point. |
|
Hi @april . |
|
I don't even know how I would do this. If you want to write up a proposal I could certainly take a look at it, but the scope of this is probably far beyond any other bug. |
I have created the proposal for grading quality of TLS connection. Pleas allow me to work on it. |
@april I have created the proposal for grading quality of TLS connection. Pleas allow me to work on it. |
|
So you want to use HTTP Observatory. The things I see here:
And personally, I still consider this out of scope of this add-on. It would possibly better fit into a new add-on... |
Hi @april I believe we can prompt a user reject or allow us send his or her domain name to a third-party service. |
|
The HTTP Observatory doesn't do any grading of TLS, nor does the TLS Observatory. Nothing in this proposal would address the request in the issue, @noahwalugembe. Further, tools like SSL Labs and the TLS Observatory also only address available cipher suites and protocols, but they don't grade what the browser is actually using. Sorry, I don't think this issue is at an appropriate complexity level for you to address. |
Thanks @april for your advise. Is it okay if i can ask you to get form me some new bugs which i can work on this week. Pleas give me a hand. I really need to contribute so as to qualify for internship with outreachy. |
|
The grading is both subjective and transient (what is secure now may not be secure in 2 years). I don’t think this function is in scope of the project. |
SSLeuth offered a simple grading of the TLS connections quality, based upon factors like "strength of the symmetric encryption", "strength of the key exchange", "strength of the MAC/AEAD", "forward secrecy", "extended validation", "certificate status", etc, where the wheight for every single factor could be configured.
A similar feature would be nice to have, perhaps even rendering the grading directly onto the extension's icon in the URL bar.
The text was updated successfully, but these errors were encountered: