CryptoInClientsSummit2006

From MozillaWiki

Session Title

Crypto in Clients: Trends, Plans, Demos

Session Leader

Bob Lord, Tim Riley

Summary

Bob Lord and members of his security community present trends, plans and demos. This session will emphasize interactive discussion and Q&A.

Agenda

  • Overview of Trends
  • Plans from the security community

Interested Attendees

Please add your name here if you're likely to attend this session; this will help prioritize sessions and minimize conflicts.

Meeting Notes

11/15/06

ECC keys

  • stronger than equivalent next higher RSA key
    • 512 ECC is stronger than 1024 RSA key
    • ECC faster to process
  • Recommendation is to not encrypt with 1K RSA key in 4-5 years
  • 2048 CA keys are common now

TLS 1.2

  • Goal: Crypto agility - no hard coded algorithms
  • Currently hardcoded to use SHA-1 and Suite B
  • Will this be 312? Not sure [dveditz]

FIPS 140-2

  • Hardware or software encryption
  • Also a Canadian standard
  • Last NSS validation (version 3.2) was in Netscape 6.2
  • New validation for NSS 3.11
    • takes 3 months for validation
    • Want to get 3.11 into 2.0.0.1
    • 1.8 branch is already 3.11.3 (FF 2)
    • Plan to go to 3.11.4 for 2.0.0.1
    • FF1.5 has NSS 3.10.2 (roughly)
    • FIPS 5 is the numeric code for states
  • New things in Version 2 (140-2)
    • New requirements for strength of passwords
    • Auditing events in crypto module

Shared DBs

  • Same set of user keys
  • to get new key:
    • Get key from FFx
    • copy it off web page
    • Copy into TBird
    • Cannot directly access same key by both FFx and TBird
      • Gov requirement to limit access to keys by different apps
  • Tried Sleepycat
  • Tried RDB for SQLite

LibPKIX

  • Path validation standard
  • Path Discovery
  • OID - Object Identifier
  • If you get a message from FBI was it really FBI?