
All priorities and text are subject to discussion and change.


NSS Bugzilla Bugs

A separate Wiki page shows useful information about NSS Bugzilla Bugs.

Here are direct Bugzilla queries regarding NSS bugs:

PSM Bugzilla Bugs

Wiki pages showing useful information about PSM Bugzilla Bugs.

Here are direct Bugzilla queries regarding PSM bugs:

SSL Burn Down List

The intent of the following tables is to list items that require significant work and/or coordination, will need to be discussed and/or communicated to a larger forum, impact is significant, or are of interest to many of the participants or users.

Priorities are as follows:

  • P1 - Must fix immediately, because it's a bad regression.
  • P2 - We need this immediately for improving security; everyone is waiting for us.
  • P3 - We really should do this, because it's a great security improvement.
  • P4 - Less important than P3.
  • P5 - Less important than P4.

Priorities are relative, so a bug that is P3 may move up in priority when a much needed P1 or P2 enhancement has been completed. Also, priorities may be changed based on need and circumstance.

Note that the "Pr" column is overloaded to show both the priority and whether the change impacts NSS, PSM, or both.

Priorities marked with an asterisk indicate that they are on Mozilla's Security or Privacy Roadmaps.


Completed -- Lists completed items that were tracked in this SSL Burn Down List page.

In Progress

Actively being worked on by an engineer, or ready to be picked up in a release.

Pr Enhancement Related Bugs Dependencies Level of Effort Status Notes
P2 NSS Move existing NSS tests to Mozilla-supported hardware bug 648676, bug 799855 Need Mozilla Release Eng to spin up new boxes for NSS tests. Need Buildbot from Mozilla. VMs received for Mac and Linux. Still need VMs for Windows and Mac64.
P2 NSS Enable libpkix for all certificates bug 651246 see dependency list in bug Remaining issues - see bug 699874, bug 775827 Need to be careful when rolling this out in releases, and avoid changing too many variables at once. (e.g. CRL downloading, AIA fetching, OCSP checking of intermediates)
P2* NSS PSM Disallow weak RSA keys bug 360126, bug 134735, bug 623265, bug 622859 libpkix, bug 790809 TBD
  • press about this -- "The latest versions of Safari ..., Opera, Google Chrome, and Internet Explorer ... Notably, Mozilla Firefox does not yet reject such certificates."
  • 512bit certs have been maliciously used.
  • Chrome and Apple have disallowed certs < 1024 bits.
  • Microsoft software update to be released in October 2012 will block the use of cryptographic keys that are less than 1024 bits.
  • CAs have confirmed that they are no longer issuing certs less than 1023 bits.
  • bug 360126#c16: NSS has SSL_GetChannelInfo function to enable apps to get and display information about cert key strengths. Also see bug 587234
P2 NSS Memory Leak Testing on Mozilla VM This is important to avoid regressions in the NSS software component. In moving to libpkix we will need to make sure our testing is as complete as possible so that we don't regress anything when we fix bugs requiring tricky changes to libpkix. Our current automated NSS testing may be insufficient, because a lot of configuration was hidden on computers run by Sun/Oracle.
P3 NSS, PSM Name Constraints Support

NSS: bug 757857, bug 757854,

PSM: bug 757832
In Progress - Kai. Mozilla Policy is being updated to require externally-operated subCAs to include Name Constraints when they are not audited.
  • Add ability to create name constraint extensions to certutil
  • Automatic testing of Name Constraints
  • Display Name Constraints in certificate viewer
P3 NSS Enhance documentation and example code bug 912360 Make it easier to get started with NSS, to encourage adoption.
P4* NSS PSM CA pinning bug 744204 libpkix as default - bug 651246,

centralization of cert verification -- bug 813418

In Progress - Camilo Viecco - Land enabled built-in pins in Q3. Land host based pins in Q4. Mozilla P1

Key Pinning is a mechanism by which site owners can specify a set of keys (actually fingerprints of the keys) such that, in the next connection to the site, the set of keys in the certificate chain MUST intersect with the set of keys 'pinned' in the browser.

Ready for Implementation

Defined, Prioritized, and Ready for an engineer to grab.

Pr Enhancement Related Bugs Dependencies Level of Effort Status Notes
P3 NSS Enforce nested EKU constraints bug 725351 Mozilla Policy requires externally-operated subCAs certs to include EKU when they are not audited. This enforcement of EKU exists in the old NSS code, but it needs to be added to the libpkix code.
P3 NSS Isolate NSS Tests bug 764978 see bug; see bug; big, but can be done in phases. Change NSS testing to not require any connections to the outside world
P3 NSS Make a test suite that only depends on a downloaded packaged NSS build bug 764979 Change NSS testing to separate building and testing
P3 PSM Better distinction in Certificate Manager between DIStrusted certs and trusted certs bug 733716 Certificate Manager now shows DIStrusted certs, but there is no indication to distinguish them from trusted certs.
P3? PSM? Show current system time on cert-expired/not-yet-valid error page bug 783757

Needs Definition / Prioritization

Needs further definition, discussion, design, or prioritization before an engineer can implement it.

Pr Enhancement Related Bugs Dependencies Level of Effort Status Notes
P? NSS PSM Enforce Baseline Requirements Consider enforcing via code the following BR requirements:
  • BR #9.1.3 - issuer:organizationName present
  • BR #9.1.4 - issuer:countryName present
  • BR #9.2.1 - extensions:subjectAltName contains at least one entry
  • BR #9.2.2 - subject:commonName - if present, must only contain one of the values contained in extensions:subjectAltName
  • BR #9.2.7 - Optional Subject attributes MUST NOT contain metadata such as '.', '-', and ' ' (i.e. space) characters
  • BR #9.4 - Validity Period (for subscriber certs) no greater than 60 months
  • BR #12 - Root not directly signing subscriber cert
  • BR #13.2.2 - OCSP provided in subscriber certs and subordinate CAs. OCSP Get supported (in future will have to consider if the website has OCSP stapling -- so either the cert has to have the OCSP URI in the AIA, or the website has to be stapled)
  • BR #13.2.5 - OCSP responses MUST conform to RFC2560 and/or RFC5019.
  • Appendix A - Digest algorithm, minimum RSA modulus
  • Appendix B - keyUsage
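As an added example (not code from this page or from the NSS/PSM projects), the checks in the list above together with the key-size cut-off from the "Disallow weak RSA keys" item, written over a constructed, already-parsed view of a certificate; the Cert fields, the sample certificates and the choice of 1024 bits as the Appendix A minimum are assumptions:

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime

MIN_RSA_BITS = 1024        # assumed minimum; the cut-off the page cites for Chrome, Apple, Microsoft
MAX_VALIDITY_MONTHS = 60   # BR 9.4, subscriber certificates

# Constructed, already-parsed view of a certificate: only the fields the checks need.
@dataclass
class Cert:
    subject_cn: str | None
    san_dns: list[str]
    issuer_o: str | None
    issuer_c: str | None
    not_before: datetime
    not_after: datetime
    rsa_bits: int | None      # None for non-RSA keys
    ocsp_uri: str | None      # OCSP URI from the AIA extension, if any
    signed_by_root: bool      # issued directly by a trust anchor

def add_months(d: datetime, n: int) -> datetime:
    # Calendar-month arithmetic; samples use day-1 dates, so no end-of-month clamping needed.
    years, month0 = divmod(d.month - 1 + n, 12)
    return d.replace(year=d.year + years, month=month0 + 1)

def br_violations(cert: Cert) -> list[str]:
    v = []
    if not cert.issuer_o:
        v.append("9.1.3 issuer:organizationName missing")
    if not cert.issuer_c:
        v.append("9.1.4 issuer:countryName missing")
    if not cert.san_dns:
        v.append("9.2.1 subjectAltName has no entries")
    if cert.subject_cn is not None and cert.subject_cn not in cert.san_dns:
        v.append("9.2.2 commonName not one of the subjectAltName values")
    if cert.not_after > add_months(cert.not_before, MAX_VALIDITY_MONTHS):
        v.append("9.4 validity period longer than 60 months")
    if cert.signed_by_root:
        v.append("12 root directly signed a subscriber certificate")
    if not cert.ocsp_uri:
        v.append("13.2.2 no OCSP URI in AIA")
    if cert.rsa_bits is not None and cert.rsa_bits < MIN_RSA_BITS:
        v.append(f"Appendix A RSA modulus {cert.rsa_bits} bits < {MIN_RSA_BITS}")
    return v

# Constructed samples: one compliant certificate and one breaking several clauses at once.
GOOD = Cert("www.example.test", ["www.example.test", "example.test"], "Example CA Ltd", "US",
            datetime(2012, 10, 1), datetime(2014, 10, 1), 2048, "http://ocsp.example.test", False)
BAD = Cert("mail.example.test", ["www.example.test"], None, "US",
           datetime(2012, 10, 1), datetime(2018, 10, 1), 512, None, True)
```

Run br_violations(BAD) to get the six clause labels it breaks; br_violations(GOOD) returns an empty list.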
P2 NSS Limit information included in patches to distrust certs bug 826640 addbuiltin -D should not disclose more information than necessary to distrust the affected cert
P2 NSS PSM Switch Firefox to sqlite shared DB Big NSS needs to move off of the unsupported DB. The current DB has many known issues that could lead to memory corruption. It is a ticking time bomb. Migration to the new DB is a big migration effort. Most of the work at the NSS level is done. From the user perspective this will provide ability to share certs between applications. However, the biggest reason for doing this is to avoid an emergency when the current DB fails and becomes corrupted.
P2 NSS? PSM? OCSP Caching bug 775376 TBD This will likely block fetching of intermediate OCSP responses. There is a bug on file for this, but it is in the NSS component. Probably, we should implement this caching in PSM, because we should reserve the cert.db for things the user has explicitly added/removed.
P2 NSS? PSM? Caching of certificate validation results in memory TBD This will need to be done as part of doing certificate validation for items fetched from the HTTP cache, to avoid regressing performance.
P2 NSS Check Revocation of Intermediate Certs bug 155481 Caching TBD CAs should be able to revoke intermediate certs and have all certs under that subCA no longer trusted, without having to add the cert to Mozilla's Distrust list. Concerns: will cause performance regression; will require significant work to reduce the performance impact. This would require approval from release-drivers due to performance regression. We should not block switching to libpkix by default on this, so we should disable intermediate OCSP fetching for non-EV certs in libpkix first, and then use this bug to track re-enabling it in a way that doesn't regress performance.
P3 PSM Implement extension point for extensions to influence trust decisions in PSM bug 644640 Some outside contributors are willing to write the code? Other projects are blocked on this, and this is a leverage effect to enable research of future improvements to web trust. Mozilla is feeling a lot of pressure to implement.
P3* NSS PSM Rapid blocklist of certs via a push mechanism or update ping bug 647868 Mozilla P2.
P3 NSS Stop caching intermediate certificates on disk This is especially problematic in our code that uses classic cert validation, but Google found that it was even problematic when using libpkix. (We need to talk to Ryan, Wan-Teh, and Adam Langley to find out why.)
P4 PSM Remove PSM's assertion about run-by and WebSite Owner for non-EV bug 740571#c10
P4 PSM Enforce EV requirements in code bug 585122, bug 470926 OCSP Stapling TBD e.g. Don't provide EV when cert doesn't have AIA OCSP URI. Enforce things like subject naming, maximum validity period, minimum key sizes and required extensions. Kathleen to communicate to CAs that they must revoke all EV SSL certs that don't meet the technical requirements of our program and EV.
P4 PSM Improve error behaviour for expired certs (know the correct time) bug 712612 Fairly small We should store the real time and warn a user if their clock is wrong. Shouldn't be done by a core NSS/PSM developer. Could be assigned to someone who wants to join NSS/PSM as a starting project.
P4 NSS? PSM Date-based root revocation bug 712615, bug 643982 This means that any certs issued in the hierarchy before date X will continue to be trusted, but any certs issued on or after date X will not be trusted. This would allow us to revoke a root cert without breaking the web. Good idea, but complicated to get done using general code. Let's get dynamic revocation checking improved first. We can handle this on a case-by-case during emergencies.
P4 NSS OCSP multi-stapling bug 611836 TBD
P5 NSS Migrate NSS tests into Mozilla's current continuous build system Probably means moving source code from CVS to Mercurial This is probably a lot of work. NSS engineers should rather focus on security improvements. The NSS project has tinderboxes mostly maintained by Red Hat. Mozilla's continuous build system has moved to Buildbot.
P5 PSM Certificate Viewer should show SHA1 and SHA256 Fingerprints bug 622332 TBD TBD Currently it shows SHA1 and MD5. Very simple bug. Find a person understanding Mozilla's general UI code (XUL) who drives it. If help is needed from the NSS team to deliver this information, it can be easily done on the side.
P5 NSS CAA, a.k.a. Do Not Issue None yet TBD Remove from list? Need to see whether we can do client-side checks for this. First, there would need to be a general commitment in the web that this will be used as a near term standard by most.
P5 NSS? PSM? DANE None yet TBD Nice to have, but doesn't solve all the problems, and there is no commitment that a majority will use it.

Wish List

Needs to be considered in planning and/or included in the prioritizing table above.

From Brian:

Pr Enhancement Notes
P2 NSS SPDY -- make SSL faster so more sites can use it more often, which is good for security, and it requires NPN and perhaps other changes to libssl. Mozilla requirement
P3 NSS performance improvements -- performance issues result in the likes of bug 713503#c37 that propose bypassing the networking and security stack completely.
P3 NSS False Start -- make SSL faster so more web sites can use it more often, which is good for security, and requires work with or on libssl. Mozilla is demanding it, performance is important. But the current False Start "spec" needs work. Brian to provide feedback to Google about it
P5 NSS+Gecko Origin-bound-cookies -- security-enhancing feature that requires changes to libssl Google is implementing the NSS part. We should review and provide feedback on the spec.
P5 NSS+Gecko Channel-bound-cookies

From Kathleen (many of these are collected from others):

Pr Enhancement Notes
P? NSS Add code to NSS to watch for certs being used in MITM, and if any are detected in the wild, automatically store and forward the entire chain as proof to Mozilla, EFF's SSL Observatory, and other public CA auditing projects. If any such cert is found to have been issued, the CA that issued it would be summarily removed from the list of trusted roots. Identifying such 'rogue' sub-CA certs could be easily done with a small whitelist of the hashes of the CA's internal use sub-CAs. No new protocol needed.
P? PSM Improve user experience in paid-for internet connections. Before you can pay, you often cannot contact an OCSP server yet (bug 340548), which results in a security error on the payment page. OCSP stapling and overrides could help. Implement browser user interface that allows users a temporary, short-lived override (proceed anyway).
P? NSS? Persistent OCSP cache on disk. Some MITM attacks are only temporary, and if we cached revocation information on disk, the browser would be prepared for a later MITM attack involving the known revoked certificate.
P? bug 508633 -- OCSP timeout should not kill page load.
P? bug 672127 -- Cached OCSP response should not be deleted unless/until replacement is fully constructed.
P3 PSM UI Necko FF Server-Evangelism HARD FAIL connections without an explicit revocation response.

and/or Enforce OCSP by default (FF->Preferences->Advanced->Encryption->Validation-> "When an OCSP server connection fails, treat the certificate as invalid" should be checked by default). Before this will be possible, need:

  • OCSP stapling
  • Prefer local fresh CRL data over OCSP. If we already have the CRL and it's not stale, use it. If CRL is missing or stale, use OCSP and start downloading the CRL in the background.
  • on-disk caching of OCSP responses (being careful about private browsing mode)
blocked on bug 562917 and other issues. We should seriously consider alternate certificate trust mechanisms before doing any work here.

A lot of problems need to be solved before this change can be made.

  • we need to ensure that people will get into this situation less often
  • because of the above, it depends on having OCSP stapling, not just in the client
  • we need UI in the applications that will assist a user if OCSP is currently down. Good error messages, temporary disable it, etc.
  • assist the user at captive portals with badly configured servers (pay-for hotspots, failure to reach OCSP server)
Kai has some ideas and notes; if people want to start working on this, please ask Kai when someone is ready to start.
P4 NSS Currently EV treatment will not be given unless OCSP works for both the end-entity certs and the intermediate certs. BR 13.2.2: Effective 1 January 2013, the CA SHALL support an OCSP capability using the GET method for Certificates issued in accordance with these Requirements.
  • Require OCSP URI in the AIA of end-entity certs after OCSP stapling is supported. We would still want to require the OCSP URI in the AIA in case stapling fails. Later, after stapling of entire chain is available, also require OCSP URI in the AIA for intermediate certs.
Solved by having libPKIX by default?
P5 NSS Regular/Automated testing of OCSP services for roots included in NSS No C/C++ coding necessary, find a non-NSS person to help us with it. Bash scripting skills might be sufficient.
P5 NSS Respect name constraints even in the root cert. I believe name constraints are currently enforced in both the old library and also now in libPKIX, but I don't think the code checks for name constraints in the root cert.
  • Name constraints on roots are not part of the PKIX standard.
  • Change our certificate validation code to enforce constraints on roots, as an extension to the PKIX standard.
Let's re-evaluate after we have libPKIX by default.
P5 NSS bug 394919#c48: This patch updates the libpkix code to use the new CERT_GetConstrainedCertificateNames function.
P5 NSS bug 552346: Stop honoring DNS names found in subject common names in CERT_VerifyCertName
P5 NSS Evaluate proposals to update OCSP.
  • RFC 6277, Online Certificate Status Protocol Algorithm Agility, proposed by Phillip Hallam-Baker. This RFC specifies rules for server signature algorithm selection and an extension that allows a client to advise a server that specific signature algorithms are supported.
  • bug 663315, Start accepting SHA-2-based hashes for OCSP & CRL signatures. Provide an option to libpkix so the application can tell it which hash functions are acceptable for OCSP signatures, CRL signatures, and CA signatures.
  • Peter Gutmann Proposals

Listed elsewhere: