From MozillaWiki

Session Title

Crypto in Clients: Trends, Plans, Demos

Session Leader

Bob Lord, Tim Riley


Bob Lord and members of his security community present trends, plans and demos. This session will emphasize interactive discussion and Q&A.


  • Overview of Trends
  • Plans from the security community

Interested Attendees

Please add your name here if you're likely to attend this session; this will help prioritize sessions and minimize conflicts.

Meeting Notes


ECC keys

  • stronger than equivalent next higher RSA key
    • 512 ECC is stronger than 1024 RSA key
    • ECC faster to process
  • Recommendation is to not encrypt with 1K RSA key in 4-5 years
  • 2048 CA keys are common now

TLS 1.2

  • Goal: Crypto agility - no hard coded algorithms
  • Currently hardcoded to use SHA-1 and Suite B
  • Will this be 312? Not sure [dveditz]

FIPS 140-2

  • Hardware or software encryption
  • Also a Canadian standard
  • Last NSS validation (version 3.2) was in Netscape 6.2
  • New validation for NSS 3.11
    • takes 3 months for validation
    • Want to get 3.11 into
    • 1.8 branch is already 3.11.3 (FF 2)
    • Plan to go to 3.11.4 for
    • FF1.5 has NSS 3.10.2 (roughly)
    • FIPS 5 is the numeric code for states
  • New things in Version 2 (140-2)
    • New requirements for strength of passwords
    • Auditing events in crypto module

Shared DBs

  • Same set of user keys
  • to get new key:
    • Get key from FFx
    • copy it off web page
    • Copy into TBird
    • Cannot directly access same key by both FFx and TBird
      • Gov requirement to limit access to keys by different apps
  • Tried Sleepycat
  • Tried RDB for SQLite


  • Path validation standard
  • Path Discovery
  • OID - Object Identifier
  • If you get a message from FBI was it really FBI?