NSS:Roadmap: Difference between revisions

2,585 bytes removed ,  8 August 2007
Line 7: Line 7:
= NSS 3.11 =
= NSS 3.11 =


== NSS 3.11 Major Features ==
NSS 3.11 Roadmap has been moved to [[NSS:Roadmap:Archive ]].


===FIPS 140-2 Validation ===
===FIPS 140-2 Validation ===
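Review bot: Dropping `== NSS 3.11 Major Features ==` leaves `===FIPS 140-2 Validation ===` as a level-3 heading directly under the level-1 `= NSS 3.11 =`, with the "has been moved" sentence sitting immediately above it, so a reader cannot tell whether the FIPS section that stays is current or also archived. Promote the FIPS heading to level 2 or reword the notice to say which 3.11 items moved, and drop the stray space in `[[NSS:Roadmap:Archive ]]`.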
Line 14: Line 14:


Many people ask us which version of the Mozilla clients (Firefox browser and Thunderbird mail client) will contain a FIPS 140-2 validated cryptographic module. These plans are still being reviewed, but we expect Mozilla to be able to ship the FIPS 140-2 validated module in the 2.0 release. [http://weblogs.mozillazine.org/roadmap/archives/2005_12.html Here is the current Firefox Roadmap]. Of course, any change in the NSS schedule or the Mozilla schedule could cause this target to move.
Many people ask us which version of the Mozilla clients (Firefox browser and Thunderbird mail client) will contain a FIPS 140-2 validated cryptographic module. These plans are still being reviewed, but we expect Mozilla to be able to ship the FIPS 140-2 validated module in the 2.0 release. [http://weblogs.mozillazine.org/roadmap/archives/2005_12.html Here is the current Firefox Roadmap]. Of course, any change in the NSS schedule or the Mozilla schedule could cause this target to move.
=== SSL Performance Enhancements ===
We will work to further improve NSS's software SSL performance. The multiprecision arithmetic ("big num") library and some algorithms (such as SHA-1) will be heavily optimized. For additional performance boost, the SSL library can be configured to call the low-level crypto library (libfreebl3.so) directly, bypassing the PKCS #11 layer. (Note: applications using NSS wanting to run in FIPS 140-2 mode will need to leave the bypass turned <i>off</i> (which is the default) to remain compliant. For other restrictions applications need to observe when using NSS to remain compliant, please see the [[FIPS Application Requirements]] page ***CREATE PAGE!!**
== NSS 3.11 Minor Features ==
=== Enable NSS to Use Tokens That Support ANSI X9.31 RSA Key Pair Generation ===
[http://www.rsasecurity.com/rsalabs/node.asp?id=2306 ANSI X9.31] specifies a method to generate RSA public/private key pairs whose p and q values meet strong primes requirements. Some hardware security modules support X9.31 RSA key pair generation.
We would like to enable one to pass the CKM_RSA_X9_31_KEY_PAIR_GEN mechanism to PK11_GenerateKeyPair. See [https://bugzilla.mozilla.org/show_bug.cgi?id=302219 Bugzilla bug 302219].
=== Hardware Security Module (HSM) Key Generation Fixes ===
There are two enhancement requests. The first one is to generate a symmetric key with the CKA_UNWRAP attribute. We fixed this by the new function PK11_TokenKeyGenWithFlags function. The second one is to generate a public/private key pair with the CKA_EXTRACTABLE attribute. The fix is still being designed.
These two new functions will be introduced in NSS 3.10.2.
=== Countermeasures for Cache Timing Attacks ===
We have re-implemented the multiplication and exponentiation routines in our multiprecision arithmetic ("big num") library to defend against cache timing attacks.
=== NSS RPM ===
The current [http://www.mozilla.org/projects/nspr/ NSPR] and NSS RPMs in Red Hat Enterprise Linux and Fedora Core are created as byproducts of the Mozilla client RPM. They are called mozilla-nspr and mozilla-nss, and they use Mozilla's version numbers (such as 1.7.10).
We want to create the official NSPR and NSS RPMs, independent of the Mozilla RPM and with the right version numbers, that all NSPR and NSS based applications can use.
A prerequisite for this work is to enhance the Mozilla client build system so that it can build with the pre-built NSPR and NSS installed by these RPMs.
We also need to decide which NSS tools to ship. The candidate list is certutil, modutil, pk12util, signtool, and ssltap.


= NSS 3.11.1 =
= NSS 3.11.1 =
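Review bot: The removed SSL Performance Enhancements paragraph is the only place in these lines that states the FIPS 140-2 restriction on the PKCS #11 bypass (it must stay off, the default, to remain compliant), while the FIPS 140-2 Validation section it relates to stays on this page. Keep a one-sentence pointer to that restriction and to `[[FIPS Application Requirements]]` in the retained FIPS section. For the archived copy, close the open parenthesis, resolve the `***CREATE PAGE!!**` marker, and reconcile "These two new functions" with the text, which names only PK11_TokenKeyGenWithFlags and says the second fix is still being designed.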