NSS:FaceToFace2012: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 133: | Line 133: | ||
<td>TBD</td> | <td>TBD</td> | ||
<td>'''Dinner''' - [http://www.scratchmtnview.com Scratch in Mtn. View]</td> | <td>'''Dinner''' - [http://www.scratchmtnview.com Scratch in Mtn. View]</td> | ||
<td>'''Please add your name here if you plan to attend:''' Kathleen, Johnathan, Gerv, </td> | <td>'''Please add your name here if you plan to attend:''' Kathleen, Johnathan, Gerv, Wan-Teh, </td> | ||
</tr> | </tr> | ||
Revision as of 23:25, 1 August 2012
NSS Face to Face Meeting
Date: August 7 and 8, 2012 (Tuesday and Wednesday)
Location: 650 Castro Street, Mountain View, CA 94041
Conference Room: Northbridge, 4th Floor, 1-650-903-0800 extension 5480
Teleconference:
- 1-650-903-0800, extension 92, conference number 99161#
- 1-800-707-2533, password 369, conference number 99161#
Vidyo: Kathleen Wilson (9161)
IRC server: irc.mozilla.org, room: #nss
Attendees: Everyone local should try to attend the appropriate meetings in person. Everyone else may attend the appropriate meetings via Vidyo or phone.
High Level Schedule
| Day | Topics |
|---|---|
| Tuesday | Context Setting, Roadmaps, NSS Priorities, CAB Forum, Process, Telemetry |
| Wednesday | Infrastructure, Design/Technical Discussions |
| Thursday | Wrap-up (if needed), Design/Technical Discussions (optional) |
Detailed Agenda
Tuesday, August 7
| Day/Time | Meeting Topic | Attendees |
|---|---|---|
| 9:30-10:00 | Context Setting
|
Kai Engert, Bob Relyea, Wan-Teh Chang, Ryan Sleevi, Johnathan Nightingale, Brian Smith, Kathleen Wilson, Gerv Markham, Lukas Blakk |
| 10:00-10:45 | Mozilla Roadmaps: Firefox, Security, and Privacy
|
Kai Engert, Bob Relyea, Wan-Teh Chang, Ryan Sleevi, Johnathan Nightingale, Asa Dotzler, Sid Stamm, Lucas Adamski, Brian Smith, Kathleen Wilson, Gerv Markham, Dan Veditz, Josh Aas, Eric Rescorla, Ian Melven, Camilo Viecco |
| 10:45-11:30 |
|
Wan-Teh Chang, Ryan Sleevi, Kai Engert, Bob Relyea, Elio Maldonado, Johnathan Nightingale, Brian Smith, Kathleen Wilson, Gerv Markham, Dan Veditz, Sid Stamm, Lucas Adamski, Josh Aas, Eric Rescorla, Ian Melven, Camilo Viecco |
| 11:30-12:15 | Lunch | |
| 12:15-1:15 | Items particularly related to our CAB Forum participation
|
Wan-Teh Chang, Ryan Sleevi, Kai Engert, Bob Relyea, Elio Maldonado, Johnathan Nightingale, Brian Smith, Kathleen Wilson, Gerv Markham, Dan Veditz, Sid Stamm, Lucas Adamski, Eric Rescorla, Ian Melven, Camilo Viecco |
| 1:15-2:30 | Process
|
Wan-Teh Chang, Ryan Sleevi, Kai Engert, Bob Relyea, Elio Maldonado, Johnathan Nightingale, Brian Smith, Kathleen Wilson, Gerv Markham, Sid Stamm, Tanvi Vyas, |
| 2:30-3:00 | Telemetry for NSS/PSM
|
Kai Engert, Bob Relyea, Sid Stamm, David Chan, Dan Veditz, Brian Smith, Kathleen Wilson, Ian Melven |
| TBD | Dinner - Scratch in Mtn. View | Please add your name here if you plan to attend: Kathleen, Johnathan, Gerv, Wan-Teh, |
Wednesday, August 8
| Day/Time | Meeting Topic | Attendees |
|---|---|---|
| 9:30-10:00 | Follow-up from Monday's meetings. (Was "Infrastructure: Buildbot System Demonstration", but the buildbot is not ready) | Kai Engert, Ryan Sleevi, Bob Relyea, Elio Maldonado, Brian Smith, Josh Aas, Kathleen Wilson, Dustin Mitchell, Justin Wood, Chris Cooper, John O'Duinn |
| 10:00-10:30 | Infrastructure: Version Control | Wan-Teh Chang, Ryan Sleevi, Kai Engert, Bob Relyea, Elio Maldonado, Johnathan Nightingale, Brian Smith, Josh Aas, Kathleen Wilson, Dustin Mitchell, John O'Duinn, Corey Shields, Melissa O'Connor |
| 10:30-11:30 | Infrastructure: Tests and Automation
|
Kai Engert, Bob Relyea, Elio Maldonado, Wan-Teh Chang, Ryan Sleevi, Brian Smith, Josh Aas, Kathleen Wilson, Dustin Mitchell, Justin Wood, Chris Cooper, John O'Duinn, Corey Shields, Melissa O'Connor |
| 11:30-12:30 | Lunch | |
| 12:30-1:00 | FIPS Certification | Wan-Teh Chang, Ryan Sleevi, Kai Engert, Bob Relyea, Elio Maldonado, Johnathan Nightingale, Brian Smith, Kathleen Wilson, Gerv Markham, Sid Stamm |
| 1:00-1:30 | Operating System Requirements and Operating System Integration; e.g.
|
Kai Engert, Bob Relyea, Wan-Teh Chang, Ryan Sleevi, Elio Maldonado, Johnathan Nightingale, Brian Smith, Kathleen Wilson, Gerv Markham, Sid Stamm |
| 1:30-4:30 | Design/Technical Discussions (topics to be decided by NSS Team) | NSS Team and additional Mozilla folks as needed. |
Thursday, August 9
| Day/Time | Meeting Topic | Attendees |
|---|---|---|
| TBD | Wrap-up (if needed) -- complete any discussions that were left open. | NSS Team and additional Mozilla folks as needed. |
| TBD | Design/Technical Discussions (optional) | NSS Team and additional Mozilla folks as needed. |
Potential Design/Technical Discussion Topics
Here's a list of possible items to have design and/or technical discussions about.
- OCSP Stapling
- CA Pinning
- TLS 1.1
- TLS 1.2
- Libpkix enablement for all certs
- OCSP Get
- libssl4
- J-PAKE
- CA:OCSP-HardFail
- Cert Blocklist via Update Ping
- HSTS
Background: Notes from Kai/Dustin Meeting in June
- NSS is a general purpose C crypto/certificate management library used by a number of applications as well as Mozilla (cert8.db and key3.db holds user stored passwords). Chrome on Linux uses NSS as well, but use the local crypto toolkit on windows and OS X
- NSPR is an API wrapper around the code that interfaces with multiple security devices (PKCS11) - smart cards, hardware tokens, etc
Releases are done with NSPR/NSS at the same time (keep them in sync). They just ask people not to make any changes, then make a tar ball. No binary releases since it's just a library.
Historically, the people who've worked on NSS have been a bit separate from the rest of the project. Members work at RedHat and Google (for example). During the last year, a few more people have volunteered.
There aren't a lot of updates and the NSS team only does code merges every once in a while. They use CVS for VCS since there's little development compared to the rest of the mozilla project, and they don't want to maintain multiple additional branches or learn a new VCS (not enough people resources).
Currently working on TLS 1.1 and hopefully TLS 1.2 in the future. So there are two branches right now (stable and dev).
IT resources:
- Until recently, it has been a long struggle to get resources since Mozilla has moved on to new processes (tinderbox/bonsai, buildbot, VCS, etc). NSS has requirements that are not being met.
- In the past, Sun was providing people to work on QA/testing, but that went away when Oracle bought Sun. Then Redhat took over. Redhat had to figure out how to run the tests (only old versions of the tests were checked in).
- Redhat only has Linux, not Windows or Macs, so they didn't have the ability to test on those architectures.
- About a year and a half ago, Mozilla offered to help as long as the NSS/NSPR team conformed to the rest of releng systems (all or nothing). The NSS group didn't have the resources to make their things compatible and were spending all of their resources trying to pick up the pieces from the Oracle purchase and subsequent ousting from Sun's hardware/QA group.
- NSS/NSPR needed immediate coverage to get testing on other platforms working, but that took a year (when Dustin stepped in, Mozilla provided community VMs)
- Kai wrote wiki pages on how to set up the VMs to run tests after getting access to these VMs, so that situation is better now.
- Kai is working on a list of steps to get from where the team is now to something closer to what Mozilla would like to support (no more CVS, for example), but they need to plan this out, compromise to find what works best for NSS/NSPR team and Mozilla both, and they need help making the transition (again, lack of people resources on their part).
- Dustin had some suggestions on what might work, but these things still need to be hashed out and defined.