Introduction

Welcome to the NSS roadmap archive. This page documents the roadmap for previous NSS releases. NSS is a collection of cryptographic libraries used for performing functions like setting up SSL connections or encrypting messages using the S/MIME standard. In 2005-2006, we made several NSS releases based on NSS 3.11. This roadmap outlines the features and historical schedule estimates for those NSS releases. These releases will address the needs of the Mozilla clients, as well as the needs of Red Hat and Sun Microsystems server products and related technologies. Other consumers of NSS will also benefit from the performance and standards compliance features.

The current NSS roadmap is available at NSS:Roadmap

NSS 3.11

NSS 3.11 Major Features

FIPS 140-2 Validation

The software cryptographic module (libsoftokn3.so) in NSS 3.11 will be submitted to BKP Security, an external validation lab, for FIPS 140-2 validation. To complete the validation, we will produce some code and a lot of documentation to demonstrate that NSS adheres to the standards. This work is being tracked in our FIPS Wiki page. We are making our documentation for FIPS 140-2 validation available on our FIPS Wiki page to make it easier for other vendors to validate other versions of NSS.

Many people ask us which version of the Mozilla clients (Firefox browser and Thunderbird mail client) will contain a FIPS 140-2 validated cryptographic module. These plans are still being reviewed, but we expect Mozilla to be able to ship the FIPS 140-2 validated module in the 2.0 release. Here is the current Firefox Roadmap. Of course, any change in the NSS schedule or the Mozilla schedule could cause this target to move.

SSL Performance Enhancements

We will work to further improve NSS's software SSL performance. The multiprecision arithmetic ("big num") library and some algorithms (such as SHA-1) will be heavily optimized. For additional performance boost, the SSL library can be configured to call the low-level crypto library (libfreebl3.so) directly, bypassing the PKCS #11 layer. (Note: applications using NSS wanting to run in FIPS 140-2 mode will need to leave the bypass turned off (which is the default) to remain compliant. For other restrictions applications need to observe when using NSS to remain compliant, please see the FIPS Application Requirements page ***CREATE PAGE!!**

NSS 3.11 Minor Features

Enable NSS to Use Tokens That Support ANSI X9.31 RSA Key Pair Generation

ANSI X9.31 specifies a method to generate RSA public/private key pairs whose p and q values meet strong primes requirements. Some hardware security modules support X9.31 RSA key pair generation.

We would like to enable one to pass the CKM_RSA_X9_31_KEY_PAIR_GEN mechanism to PK11_GenerateKeyPair. See Bugzilla bug 302219.

Hardware Security Module (HSM) Key Generation Fixes

There are two enhancement requests. The first one is to generate a symmetric key with the CKA_UNWRAP attribute. We fixed this by the new function PK11_TokenKeyGenWithFlags function. The second one is to generate a public/private key pair with the CKA_EXTRACTABLE attribute. The fix is still being designed.

These two new functions will be introduced in NSS 3.10.2.

Countermeasures for Cache Timing Attacks

We have re-implemented the multiplication and exponentiation routines in our multiprecision arithmetic ("big num") library to defend against cache timing attacks.

NSS RPM

The current NSPR and NSS RPMs in Red Hat Enterprise Linux and Fedora Core are created as byproducts of the Mozilla client RPM. They are called mozilla-nspr and mozilla-nss, and they use Mozilla's version numbers (such as 1.7.10).

We want to create the official NSPR and NSS RPMs, independent of the Mozilla RPM and with the right version numbers, that all NSPR and NSS based applications can use.

A prerequisite for this work is to enhance the Mozilla client build system so that it can build with the pre-built NSPR and NSS installed by these RPMs.

We also need to decide which NSS tools to ship. The candidate list is certutil, modutil, pk12util, signtool, and ssltap.

NSS 3.11.1

NSS 3.11.1 Features

OCSP HTTP Client Callback

We will add OCSP HTTP client callback support (Bugzilla bug 152426) so that Firefox 2.0 can do OCSP through a proxy server (Bugzilla bug 111384).

Elliptic Curve Cryptography

The NSS codebase currently contains Elliptic Curve Cryptography (ECC) algorithms donated by Sun Labs; however, they are turned off by default in the builds script. In this release we will implement the ECC TLS cipher suites specified in RFC 4492 (Bugzilla bug 236245).

This work was originally scheduled for NSS 3.12. We have decided to do it earlier in NSS 3.11.1.

TLS Server Name Indication

We are considering accelerating the implementation of the TLS Server Name Indication (SNI) extension (see RFC 3546) in light of a recent IEBlog Upcoming HTTPS Improvements in Internet Explorer 7 Beta 2.

This work was originally scheduled for NSS 3.12. We have decided to do it earlier in NSS 3.11.1.

NSS 3.11.2

NSS 3.11.2 is a bug-fix patch release. It will include

• FIPS 140-2 features: logging auditable events, new cryptographic algorithm tests,
• fixes for the regressions introduced in NSS 3.11 or 3.11.1,
• fixes for the crashes or memory errors discovered by Coverity, and
• two new root CA certificates.

NSS 3.11.5 (FIPS)

The version number 3.11.5 has been reserved for the NSS 3.11.x release that will pass FIPS 140-2 validation.