Security Policy: Difference between revisions

m
Line 335: Line 335:
==Authentication Policy==
==Authentication Policy==


The NSS cryptographic module uses '''Role-Based Authentication''' to control access to the module. To perform sensitive services using the cryptographic module, an operator must explicitly request to assume the NSS User role by logging into the module, and perform an authentication procedure using information unique to that operator (individual password). Role-based authentication is used to safeguard a user's '''private key''' information. However, Discretionary Access Control (DAC) is used to safeguard all other NSS User information (e.g., the public key certificate database). An NSS User may use a product (e.g., Mozilla Firefox) without establishing a personal private key -- e.g., they may utilize SSL Server Authentication without having a private key established. However, to enable SSL on a server product, a '''private key''' and '''public key certificate''' are required to enable secure services. An individual password is required in order to start the server -- this password is used to decrypt the private key.
The NSS cryptographic module uses '''Role-Based Authentication''' to control access to the module. To perform sensitive services using the cryptographic module, an operator must explicitly request to assume the NSS User role by logging into the module, and perform an authentication procedure using information unique to that operator (individual password). Role-based authentication is used to safeguard a user's '''private key''' information. However, Discretionary Access Control (DAC) is used to safeguard all other NSS User information (e.g., the public key certificate database).


==Strength of Authentication Mechanism==
==Strength of Authentication Mechanism==
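Review bot: the revised Authentication Policy paragraph ends at the DAC sentence and drops the three sentences that followed it in the old text: that an NSS User may use a product (e.g., Mozilla Firefox) without establishing a personal private key, that a private key and public key certificate are required to enable SSL on a server product, and that an individual password is required to start the server and is used to decrypt the private key. Nothing in the visible change relocates them, and the revision is marked m (minor) even though it removes a statement of when the password is required. If the removal is intended, record the reason in the edit summary and drop the minor flag; otherwise restore at least the sentence "An individual password is required in order to start the server -- this password is used to decrypt the private key."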