NSS:Roadmap

Revision as of 04:05, 12 August 2005 by Lord (→ Biometrics)

Updated: Aug-8-2005 by Bob Lord

Introduction

Welcome to the NSS roadmap. NSS is a collection of cryptographic libraries used for functions such as setting up SSL connections or encrypting messages with the S/MIME standard. In 2005-2006, we plan to make at least two NSS releases: NSS 3.11 and NSS 3.12. This roadmap outlines the features and schedule estimates for these upcoming NSS releases. These releases will address the needs of the Mozilla clients, as well as the needs of Red Hat and Sun Microsystems server products and related technologies. Other consumers of NSS will also benefit from the performance and standards-compliance work.

NSS 3.11

NSS 3.11 Major Features

FIPS 140-2 Validation

The software cryptographic module (libsoftokn3.so) in NSS 3.11 will be submitted to BKP Security, an external validation lab, for FIPS 140-2 validation. To complete the validation, we will produce some code and a lot of documentation to demonstrate that NSS adheres to the standards. This work is being tracked in our FIPS Wiki page. We are making our documentation for FIPS 140-2 validation available on our FIPS Wiki page to make it easier for other vendors to validate other versions of NSS.

Many people ask us which version of the Mozilla clients (the Firefox browser and the Thunderbird mail client) will contain a FIPS 140-2 validated module. These plans are still being reviewed, but we expect Mozilla to be able to ship the FIPS 140-2 validated module in the 2.0 release. Here is the current Firefox Roadmap. Of course, any change in the NSS schedule, or in the Mozilla schedule, could cause this target to move.

SSL Performance Enhancements

We will work to further improve NSS's software SSL performance. The multiprecision arithmetic ("big num") library and some algorithms (such as SHA-1) will be heavily optimized. For an additional performance boost, the SSL library can be configured to call the low-level crypto library (libfreebl.a) directly, bypassing the PKCS #11 layer. (Note: applications using NSS that want to run in FIPS 140-2 mode must leave the bypass turned off, which is the default, to remain compliant, since the bypass moves SSL's key handling and bulk cryptography outside the validated module's PKCS #11 interface.) For other restrictions applications need to observe when using NSS to remain compliant, please see the FIPS Application Requirements page (page not yet created).

NSS 3.11 Minor Features

Enable NSS to Use Tokens That Support ANSI X9.31 RSA Key Pair Generation

ANSI X9.31 specifies a method to generate RSA public/private key pairs whose p and q values meet the standard's strong-prime requirements. Some hardware security modules support X9.31 RSA key pair generation.

We would like to allow applications to pass the CKM_RSA_X9_31_KEY_PAIR_GEN mechanism to PK11_GenerateKeyPair, so that key generation is performed by such a token. See Bugzilla bug 302219.

Hardware Security Module (HSM) Key Generation Fixes

There are two enhancement requests. The first is to generate a symmetric key with the CKA_UNWRAP attribute set; we addressed this with the new function PK11_TokenKeyGenWithFlags. The second is to generate a public/private key pair with the CKA_EXTRACTABLE attribute set; that fix is still being designed.

Both fixes are targeted for NSS 3.10.2.

Countermeasures for Cache Timing Attacks

We have re-implemented the multiplication and exponentiation routines in our multiprecision arithmetic ("big num") library to defend against cache timing attacks, in which a process sharing a cache with NSS observes which table entries an exponentiation touches and recovers bits of the private exponent. The new routines are written so that their memory access pattern does not depend on secret operands.
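The countermeasure described above, shown as an added example that is not NSS's own multiprecision code: a fixed-window modular exponentiation whose precomputed-table lookup touches every table entry and keeps the wanted one with an arithmetic mask, so the cache lines accessed no longer reveal the secret window index. The example assumes a 64-bit modulus, a 4-bit window and the GCC/Clang `unsigned __int128` type; the function names (`table_select_naive`, `table_select_ct`, `exptmod_window`, `exptmod_ref`) are the example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

typedef unsigned __int128 u128;

#define WINDOW_BITS 4
#define TABLE_SIZE (1u << WINDOW_BITS)

/* a*b mod m on 64-bit operands, using a 128-bit intermediate product. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)(((u128)a * b) % m);
}

/* Naive lookup: a data-dependent load. Which cache line is touched
 * depends on idx, i.e. on the secret exponent bits. */
static uint64_t table_select_naive(const uint64_t *table, unsigned idx) {
    return table[idx];
}

/* Constant-access lookup: read every entry in the same order every time
 * and keep the wanted one via an all-ones/all-zeros mask. */
static uint64_t table_select_ct(const uint64_t *table, unsigned idx) {
    uint64_t r = 0;
    for (unsigned i = 0; i < TABLE_SIZE; i++) {
        uint64_t x = (uint64_t)(i ^ idx);
        /* (x | -x) >> 63 is 1 when x != 0 and 0 when x == 0, so the
         * mask is all ones exactly when i == idx, with no branch. */
        uint64_t mask = ((x | ((uint64_t)0 - x)) >> 63) - 1;
        r |= table[i] & mask;
    }
    return r;
}

/* Fixed-window exponentiation base^exp mod m. The table index is taken
 * straight from secret exponent bits, so the selector must not leak it.
 * The same number of squarings and multiplications is done for every
 * exponent, so the operation count does not leak either. */
static uint64_t exptmod_window(uint64_t base, uint64_t exp, uint64_t m,
                               uint64_t (*select)(const uint64_t *, unsigned)) {
    uint64_t table[TABLE_SIZE];
    table[0] = 1 % m;
    for (unsigned i = 1; i < TABLE_SIZE; i++)
        table[i] = mulmod(table[i - 1], base, m);

    uint64_t acc = 1 % m;
    for (int shift = 64 - WINDOW_BITS; shift >= 0; shift -= WINDOW_BITS) {
        for (unsigned i = 0; i < WINDOW_BITS; i++)
            acc = mulmod(acc, acc, m);
        unsigned idx = (unsigned)((exp >> shift) & (TABLE_SIZE - 1));
        acc = mulmod(acc, select(table, idx), m);
    }
    return acc;
}

/* Plain square-and-multiply reference for checking the windowed version. */
static uint64_t exptmod_ref(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1 % m, b = base % m;
    while (exp) {
        if (exp & 1) r = mulmod(r, b, m);
        b = mulmod(b, b, m);
        exp >>= 1;
    }
    return r;
}

int main(void) {
    /* Constructed inputs: 2^61-1 is prime, so 6^(p-1) mod p must be 1. */
    const uint64_t p = 2305843009213693951ULL;
    printf("ct:    %" PRIu64 "\n", exptmod_window(6, p - 1, p, table_select_ct));
    printf("naive: %" PRIu64 "\n", exptmod_window(6, p - 1, p, table_select_naive));
    printf("ref:   %" PRIu64 "\n", exptmod_ref(6, p - 1, p));
    return 0;
}
```

Both selectors return the same value; only the memory access pattern differs. Two caveats a practitioner should keep in mind: a real big-num library applies the same idea limb by limb over multi-word table entries (and must also avoid secret-dependent branches in the multiply itself), and an optimizing compiler is free to turn the mask back into a branch or a conditional load, so the generated assembly has to be inspected rather than trusted.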

NSS RPM

The current NSPR and NSS RPMs in Red Hat Enterprise Linux and Fedora Core are created as byproducts of the Mozilla client RPM. They are called mozilla-nspr and mozilla-nss, and they use Mozilla's version numbers (such as 1.7.10).

We want to create official NSPR and NSS RPMs, independent of the Mozilla RPM and carrying NSPR's and NSS's own version numbers, that all NSPR- and NSS-based applications can use.

A prerequisite for this work is to enhance the Mozilla client build system so that it can build with pre-built NSPR and NSS installed by these RPMs.

We also need to decide which NSS tools to ship. The candidate list is certutil, modutil, pk12util, signtool, and ssltap.

NSS 3.12

NSS 3.12 Major Features

SQLite-Based Multiaccess Certificate and Key Databases

Many client applications, such as Mozilla Firefox, Mozilla Thunderbird, Evolution, and OpenOffice.org, use NSS today, but each has its own certificate and key databases. As a result, for example, if you import and trust a certificate in Firefox, you will not see it in Thunderbird. This is because Berkeley DB 1.85, the database NSS currently uses, cannot safely be shared by multiple processes.

Although newer versions of Berkeley DB (from Sleepycat Software) support multiprocess access, their open source license is incompatible with the Mozilla Public License (MPL).

We are planning to implement a multiaccess database using SQLite, which has a "public domain" license. In NSS 3.11 we plan to offer this new multiaccess database as an alternate database plugin (librdb.so). We plan to make it the default database in NSS 3.12. Other Mozilla teams are adopting SQLite, making it a logical choice for the NSS project as well.

Note: This change will affect code inside the FIPS 140-2 defined module boundaries. Therefore, we will need to document these changes and obtain a delta validation.

libpkix: an RFC 3280 Compliant Certificate Path Validation Library

We are implementing libpkix, a new certificate path validation library that supports the certificate and CRL profile specified in RFC 3280.

libpkix will add to NSS several features that are long overdue, such as certificate policy, cross-certification (Federal Bridge CA), and delta CRLs.

New variants of CERT_VerifyCert will be added that use libpkix for certificate path validation.

Elliptic Curve Cryptography

The NSS codebase currently contains Elliptic Curve Cryptography (ECC) algorithms donated by Sun Research Labs; however, they are turned off by default in the build scripts. In this release we will enable NSS to use third-party tokens that implement ECC. We have not yet decided whether we will enable all ECC functionality in this release.

Future Work: NSS 3.13 and Beyond

Biometrics

NSS needs to support external biometrics to unlock tokens. Today there are limitations in the PKCS #11 specification that make it hard to replace the traditional smartcard PIN UI prompt with an external biometric operation. For example, we would like to unlock smartcards using a fingerprint reader or retina scanner.

Schedules

NSS 3.11

  • Feature Complete: 8/31/2005
  • Beta: 9/12/2005
  • RTM: 10/31/2005
  • FIPS 140-2 validation: 2006 Q1

NSS 3.12

  • Feature Complete: TBD
  • Beta: TBD
  • RTM: 2006 Q2

NSS 3.13

  • Feature Complete: TBD
  • Beta: TBD
  • RTM: TBD