122
edits
Security/CryptoEngineering: Difference between revisions
More details
(Link to more NSS pages) |
(More details) |
||
| Line 1: | Line 1: | ||
= Projects = | ''Last Updated: 3 Nov 2016'' | ||
= Crypto Engineering Projects = | |||
Our team's major projects are broken down by module: | |||
== [[NSS]] == | == [[NSS]] == | ||
NSS is the cryptography and transport security library that powers Firefox. | |||
In 2016Q4 and 2017Q1 we're working on three aspects of NSS. | |||
=== Improve Developer Ergonomics === | === Improve Developer Ergonomics === | ||
* 2016 Q4: [[NSS/Build_System|Change build systems to Gyp]] | NSS [http://www-archive.mozilla.org/projects/security/pki/nss/history.html dates back to Netscape Navigator], and much of the infrastructure for working inside the codebase dated back nearly that far, making an artificially-high barrier to entry for new community contributors. | ||
* 2016 Q4: Move reviews to Phabricator | |||
* 2016 Q4: Semi-Automatic Branch Uplifts to Mozilla-Central | * 2016 Q4: [[NSS/Build_System|Change build systems to Gyp]] for dramatically faster builds, with an easier-to-maintain set of build scripts. | ||
* 2016 Q4: Move reviews to Phabricator. | |||
** MozReview's lack of a security-restricted mode makes it unacceptable | |||
* 2016 Q4: Semi-Automatic Branch Uplifts to Mozilla-Central, so that changes can be tested in Nightly. | |||
* 2016 Q4: [[NSS/Demos|[MWOS] Add new NSS demonstration code]] to show how to use NSS in a modern way. | |||
=== Cleanup === | === Cleanup === | ||
* 2016 Q4: Support ARM and ARM64 testing in TaskCluster | Many things in NSS are old without being a barrier to community contribution. | ||
* 2016 Q4: Support fuzzing the internal interfaces | |||
* 2016 Q4: Port the AES-NI Linux-x86 assembly to NASM and cross- | * 2016 Q4: Support ARM and ARM64 testing in TaskCluster. | ||
** While NSS is security-critical on all our platforms, historically we only found out about breakage in ARM platforms after the fact, so we're now treating ARM and ARM64 as first-class testing environments. | |||
* 2016 Q4: Support fuzzing the internal interfaces. | |||
** If you build security-critical code today, you plan to fuzz it from the start. NSS wasn't built that way, so it needs some adjustments to make it fuzzy on the inside. | |||
* 2016 Q4: Port the AES-NI speedup Linux-x86 assembly code to NASM and cross-assemble it for Windows and OSX. | |||
=== New Functions === | === New Functions === | ||
* 2016 Q4: Support TLS v1.3 | We're thought leaders in producing a more secure Internet; our software needs to keep up with our ideas. | ||
* 2016 Q4: [[NSS/BoGo_Tests|Integrate BoGo's integration tests into NSS builds]] | |||
* | * 2016 Q4: Support TLS v1.3. | ||
* 2016 Q4: [[NSS/ | ** This is a major revision to the transport security specification, and a large boon for protecting our users from adversaries and surveillance. | ||
* 2017 Q1: Post-Quantum Research | * 2016 Q4: [[NSS/BoGo_Tests|Integrate BoGo's integration tests into NSS builds]]. | ||
** The automated tests for NSS are mostly unit tests. Integration testing was historically assumed to happen at Firefox, but that's limited. BoGo is a rich set of integration tests that can diagnose protocol issues during automated testing. | |||
* 2016 Q4: [[NSS/ARGON2|[MWOS] Implement Argon2]] to provide a basis to modernize the Master Password in Firefox. | |||
* 2017 Q1: Post-Quantum Research and Development. | |||
** Mozilla is intending to join the efforts in developing cryptography that will remain secure once quantum computers come online. This is expected to be a long-duration R&D effort. | |||
== PSM == | == PSM == | ||
* 2016 Q4: | PSM performs the business logic of deciding whether a given secure network connection is actually trustworthy. It applies logic from the user's choices, the Mozilla Root Program, and the platform in order to make a trust determination. E.g., whether to show a connection as secure. | ||
* 2016 Q4 / 2017 Q1: [[Security/CryptoEngineering/SHA-1|SHA-1 Shutoff Plan]] | |||
* 2016 Q4: Re-architect PSM/NSS interaction to eliminate shutdown crashes. | |||
** The interaction between PSM and NSS is extremely old, and doesn't follow the modern methods Gecko uses to initialize and shutdown modules. As such, NSS sometimes crashes when shutting down; this is a leading crash on Android. Fixing this is a substantial architectural change. | |||
* 2016 Q4 / 2017 Q1: Implement the [[Security/CryptoEngineering/SHA-1|SHA-1 Shutoff Plan]]. | |||
** The WebPKI is halting use of SHA-1 for publicly-trusted certificates. PSM will be enforcing that halt starting in early 2017. | |||
== Web Authentication == | == Web Authentication == | ||
* 2016 Q2: FIDO U2F v1.1 JS API landed behind a | Password authentication is known to be a security liability on the Web. The [https://www.w3.org/TR/webauthn/ W3C Web Authentication Working Group is developing a specification] for using Scoped Credentials to supplement or replace passwords. Mozilla intends to implement Web Authentication (WebAuthn) specification. | ||
* 2016 Q4: Support USB HID U2F devices on Linux | |||
* 2016 Q4: Draft WebAuthn JS API | * 2016 Q2: FIDO U2F v1.1 JS API landed, hidden behind preferences. | ||
* 2017 Q1: Support USB HID U2F devices on Windows / Mac OS X | ** You can test a "Soft Token" using any recent version of Firefox using the instructions at https://u2f.bin.coffee/ | ||
* 2016 Q4: Support USB HID U2F devices on Linux. | |||
* 2016 Q4: Draft WebAuthn JS API available, hidden behind a pref, using the Soft Token from U2F. | |||
* 2017 Q1: Support USB HID U2F devices on Windows / Mac OS X. | |||
* 2017 Q1: Integrate USB HID U2F devices with the WebAuthn JS API. | |||
* 2017 Q1-2: Update to the final implementation WebAuthn JS API. | |||