QA/Firefox3.1/Cryptography Test Plan: Difference between revisions

From MozillaWiki
Revision as of 07:35, 21 August 2008


Cryptography Test Plan

Overview

This test document details the features of Firefox that deal with cryptography, including SSL/TLS, client-side certificates, validation checking, UI, and so on.

Some of these tests require the use of a Mozilla-run certificate authority such as the Dogtag open source project's CA.

Test Strategy

 List major areas of test coverage
 List areas that will NOT be covered (by developer, third party, etc.)
 Describe how testcases will be created (litmus, mochitests, reftests, gristmill, etc.)

Certificate Issuance

Users can obtain personal certificates for the following purposes:

  1. Client-auth: Some HTTPS servers request/require users to present a personal certificate while negotiating the SSL/TLS connection. We sometimes refer to this connection as an "SSL client auth" connection. Read more here...
  2. Form signing: Firefox supports a mechanism for a web page developer to request that users digitally sign forms at the time of submission. Read more here...
  3. Plug-ins: There are a few plug-ins that require users to have personal certificates. One example is the S/MIME plug-in for GMail. Read more here...


Sometimes these personal certificates live on smartcards, and sometimes they live on the hard drive in the form of a "soft token". Interestingly, Firefox's NSS cryptography libraries treat software-based certificates as if they were hardware tokens. In other words, there's just one way for Firefox to talk to both software and hardware tokens (PKCS#11). Read more here...

Public CA Test

For these tests, we will use the Thawte CA: get a certificate from Thawte on Linux, Windows XP, Vista, and OS X.

Thawte: http://www.thawte.com/

Mozilla-owned CA Test

Mozilla should install an instance of the Dogtag Certificate Authority 1.0 and run the following tests against that CA.

Dogtag open source CA home page: http://pki.fedoraproject.org/wiki/PKI_Main_Page

Schedule Scoping

 Estimate amount of time it will take to complete feature
 (Consider nightly builds, security reviews, bugs turnaround time)

References

 Include notes, links, specs, relevant bugs