NSS:Roadmap: Difference between revisions

282 bytes removed ,  1 June 2012
No edit summary
 
(32 intermediate revisions by 8 users not shown)
Line 1: Line 1:
Updated: June 15, 2006 by Wan-Teh Chang
= Introduction =
= Introduction =


Welcome to the [http://www.mozilla.org/projects/security/pki/nss/ NSS] roadmap. NSS is a collection of cryptographic libraries used for performing functions like setting up SSL connections or encrypting messages using the S/MIME standard. In 2005-2006, we plan to make at lease three NSS releases: NSS 3.11, NSS 3.11.1, and NSS 3.12. This roadmap outlines the features and schedule estimates for these upcoming NSS releases. These releases will address the needs of the Mozilla clients, as well as the needs of Red Hat and Sun Microsystems server products and related technologies. Other consumers of NSS will also benefit from the performance and standards compliance features.
Welcome to the [http://www.mozilla.org/projects/security/pki/nss/ NSS] roadmap. NSS is a collection of cryptographic libraries used for performing functions like setting up SSL connections or encrypting messages using the S/MIME standard. In 2007, we plan to make on major NSS releases: NSS 3.12. This roadmap outlines the features and schedule estimates for these upcoming NSS releases. These releases will address the needs of the Mozilla clients, as well as the needs of Red Hat and Sun Microsystems server products and related technologies. Other consumers of NSS will also benefit from the performance and standards compliance features.


= NSS 3.11 =
= NSS 3.11 =


== NSS 3.11 Major Features ==
NSS 3.11 Roadmap has been moved to [[NSS:Roadmap:Archive ]].


===FIPS 140-2 Validation ===
===FIPS 140-2 Validation ===
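Review bot: the new introduction line reads "we plan to make on major NSS releases: NSS 3.12" and then "these upcoming NSS releases", which is both a typo and a number disagreement now that only one release is listed; suggest "we plan to make one major NSS release: NSS 3.12. This roadmap outlines the features and schedule estimates for this upcoming release." The removed line "Updated: June 15, 2006 by Wan-Teh Chang" gets no replacement, so the page no longer says when it was last revised; an updated date line belongs at the top. The archive link target "[[NSS:Roadmap:Archive ]]" also carries a trailing space inside the brackets that should be dropped.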
Line 15: Line 13:
Many people ask us which version of the Mozilla clients (Firefox browser and Thunderbird mail client) will contain a FIPS 140-2 validated cryptographic module. These plans are still being reviewed, but we expect Mozilla to be able to ship the FIPS 140-2 validated module in the 2.0 release. [http://weblogs.mozillazine.org/roadmap/archives/2005_12.html Here is the current Firefox Roadmap]. Of course, any change in the NSS schedule or the Mozilla schedule could cause this target to move.
Many people ask us which version of the Mozilla clients (Firefox browser and Thunderbird mail client) will contain a FIPS 140-2 validated cryptographic module. These plans are still being reviewed, but we expect Mozilla to be able to ship the FIPS 140-2 validated module in the 2.0 release. [http://weblogs.mozillazine.org/roadmap/archives/2005_12.html Here is the current Firefox Roadmap]. Of course, any change in the NSS schedule or the Mozilla schedule could cause this target to move.


=== SSL Performance Enhancements ===
= NSS 3.12 =  


We will work to further improve NSS's software SSL performance. The multiprecision arithmetic ("big num") library and some algorithms (such as SHA-1) will be heavily optimized. For additional performance boost, the SSL library can be configured to call the low-level crypto library (libfreebl3.so) directly, bypassing the PKCS #11 layer. (Note: applications using NSS wanting to run in FIPS 140-2 mode will need to leave the bypass turned <i>off</i> (which is the default) to remain compliant. For other restrictions applications need to observe when using NSS to remain compliant, please see the [[FIPS Application Requirements]] page ***CREATE PAGE!!**
== NSS 3.12 Major Features (Planned) ==


== NSS 3.11 Minor Features ==
=== libpkix: an RFC 3280 Compliant Certificate Path Validation Library ===


=== Enable NSS to Use Tokens That Support ANSI X9.31 RSA Key Pair Generation ===
We are implementing libpkix, a new certificate path validation library that supports the certificate and CRL profile specified in RFC 3280.


[http://www.rsasecurity.com/rsalabs/node.asp?id=2306 ANSI X9.31] specifies a method to generate RSA public/private key pairs whose p and q values meet strong primes requirements. Some hardware security modules support X9.31 RSA key pair generation.
libpkix will add to NSS several features that are long overdue, such as certificate policy extension handling, cross-certification (Federal Bridge CA), and (we hope) fetching of CRLs from certificates' CRLDP extensions.


We would like to enable one to pass the CKM_RSA_X9_31_KEY_PAIR_GEN mechanism to PK11_GenerateKeyPair. See [https://bugzilla.mozilla.org/show_bug.cgi?id=302219 Bugzilla bug 302219].
A new variant of CERT_VerifyCert will be added that uses libpkix for certificate path validation, and the old CERT_Verify functions will optionally use libPKIX with limited capability.


=== Hardware Security Module (HSM) Key Generation Fixes ===
Here are some design documents related to this project:


There are two enhancement requests. The first one is to generate a symmetric key with the CKA_UNWRAP attribute. We fixed this by the new function PK11_TokenKeyGenWithFlags function. The second one is to generate a public/private key pair with the CKA_EXTRACTABLE attribute. The fix is still being designed.
[[ NSS:Revocation_API_Proposals|Specifying revocation checking for CERT_PKIXVerifyCert]]


These two new functions will be introduced in NSS 3.10.2.
=== SQLite-Based Shareable Certificate and Key Databases ===


=== Countermeasures for Cache Timing Attacks ===
Many client applications, such as Firefox, Thunderbird, Evolution, and OpenOffice.org, use NSS, but they each have their own certificate and key databases. As a result, for example, if you import and trust a certificate in Firefox, you will not see it in Thunderbird. This is because Berkeley DB 1.85, the database NSS currently uses, can't be shared by multiple processes.


We have re-implemented the multiplication and exponentiation routines in our multiprecision arithmetic ("big num") library to defend against cache timing attacks.
Although new versions of Berkeley DB (from Sleepycat Software) support multiprocess access, its open source license is incompatible with the Mozilla Public License (MPL).  


=== NSS RPM ===
We are planning to implement a shareable database using [http://www.sqlite.org/ SQLite], which is in the "public domain". Other Mozilla teams are adopting SQLite, making it a logical choice for the NSS project as well.


The current [http://www.mozilla.org/projects/nspr/ NSPR] and NSS RPMs in Red Hat Enterprise Linux and Fedora Core are created as byproducts of the Mozilla client RPM. They are called mozilla-nspr and mozilla-nss, and they use Mozilla's version numbers (such as 1.7.10).
<b>Note:</b> This change will affect code inside the FIPS 140-2 defined cryptographic module boundaries. Therefore, we will need to document these changes and obtain a new FIPS validation.


We want to create the official NSPR and NSS RPMs, independent of the Mozilla RPM and with the right version numbers, that all NSPR and NSS based applications can use.
[[ NSS_Shared_DB|Proposed Shareable Database Design Document is here.]]<br>
[[ NSS_Shared_DB_Test|Instructions to build the Shareable DB.]]<br>
[[ NSS_Shared_DB_Samples|Instructions to test the Shareable DB alpha.]]<br>
[[ NSS_Shared_DB_And_LINUX|How LINUX Applications should initialize NSS. ]]


A prerequisite for this work is to enhance the Mozilla client build system so that it can build with the pre-built NSPR and NSS installed by these RPMs.
=== Component Refactoring ===


We also need to decide which NSS tools to ship. The candidate list is certutil, modutil, pk12util, signtool, and ssltap.
NSS is made up of several components, some of which can be separated out from each other for packaging (and potentially) building purposes. For NSS 3.12 we would like to make sure the following components are separable:


= NSS 3.11.1 =
nssckbi (and ideally all of ckfw). It would be nice to ship nssckbi libraries separate from base NSS.


== NSS 3.11.1 Features ==
softoken/freebl. These are our FIPS components. we want to make sure they are totally separated from the rest of NSS.


=== OCSP HTTP Client Callback ===
util library.  Eliminate multiple copies of libutil functions that are linked in to multiple other shared libraries by making libutil a shared library.


We will add OCSP HTTP client callback support ([https://bugzilla.mozilla.org/show_bug.cgi?id=152426 Bugzilla bug 152426]) so that Firefox 2.0 can do OCSP through a proxy server ([https://bugzilla.mozilla.org/show_bug.cgi?id=111384 Bugzilla bug 111384]).
A document on refactoring for NSS 3.11 is available [[NSS_Refactor_3_11|here]].


=== Elliptic Curve Cryptography ===
A document on refactoring for NSS 3.12 is available [[NSS_Refactor_3_12|here]].


The NSS codebase currently contains [http://en.wikipedia.org/wiki/Elliptic_curve_cryptography Elliptic Curve Cryptography (ECC)] algorithms donated by Sun Labs; however, they are turned off by default in the builds script. In this release we will implement the ECC TLS cipher suites specified in RFC 4492 ([https://bugzilla.mozilla.org/show_bug.cgi?id=236245 Bugzilla bug 236245]).
=== Handling Multiple Initializations of NSS ===


This work was originally scheduled for NSS 3.12. We have decided to do it earlier in NSS 3.11.1.
NSS was designed as a library that a single application would use. The application would control how NSS was initialized and configured. Applications would initialize NSS early before any other libraries that used NSS could run. With more libraries using NSS, the chance that more than one library will try to initialize NSS, or the chance that a given library will initialize NSS before the application gets a chance to start increases.


=== TLS Server Name Indication ===
A proposal to fix this is [[NSS_Library_Init|here]].


We are considering accelerating the implementation of the TLS Server Name Indication (SNI) extension (see RFC 3546) in light of a recent IEBlog [http://blogs.msdn.com/ie/archive/2005/10/22/483795.aspx Upcoming HTTPS Improvements in Internet Explorer 7 Beta 2].
== Capture from NSS 3.12 planning ==


This work was originally scheduled for NSS 3.12. We have decided to do it earlier in NSS 3.11.1.
Some of these items are already documented above. Some (many) of these items will be put off to later releases.


= NSS 3.11.2 =
* IN (Planned for NSS 3.12, underway)
** LibPKIX support
*** Most features, but see below
** Shareable DB 
*** Could add requirement for a new FIPS validation
** Refactoring
*** Util
** OCSP Response Cache
** Tool Improvements
*** certutil support additional cert extensions
*** long option name support
* Uncertain
** Refactoring
*** nssckbi
*** softoken/freebl
** PKCS11 modules to access foreign key stores
*** CAPI
*** Mac keychain
*** a PEM file
** LibPKIX features
*** Non-blocking cert verification
*** CRL Fetching using CRLDP extensions
* OUT (Not likely to be in NSS 3.12)
** SSL enhancements
*** Server side SNI
*** Support curve based certificate selection for ECC certs.
*** Server side DHE
*** Support single use keys
*** OCSP stapling (requires OCSP Cache).
** Tool Improvements
*** pkcs 7 cert packager
*** better diagnostics for pk12util
*** rationalized option names
*** localization of tools
** ECC for S/MIME
** Language bindings for scripting languages
*** Perl
*** Python
** Phone home root certs
** Better NSS documentation
*** tools (Unix man pages)
*** API's
*** HW security modules (PKCS #11 tools and test suites).


NSS 3.11.2 is a bug-fix patch release. It will include
= Future: Work that may come after the release of NSS 3.12 =
* FIPS 140-2 features: logging auditable events, new cryptographic algorithm tests,
* fixes for the regressions introduced in NSS 3.11 or 3.11.1,
* fixes for the crashes or memory errors discovered by [http://www.coverity.com/ Coverity], and
* two new root CA certificates.


= NSS 3.11.5 (FIPS) =
== Biometrics ==


The version number 3.11.5 has been reserved for the NSS 3.11.x release that
NSS needs to support external biometrics to unlock tokens. Today there are limitation in the PKCS#11 specifications which make it hard to replace the traditional smartcard PIN UI prompt with an external biometric operation. For example, we would like to unlock smartcards using a fingerprint reader or retina scanner.
will pass FIPS 140-2 validation.


= NSS 3.12 =  
== Proposals for NSS 3.14 ==


== NSS 3.12 Major Features ==
- Need to add more here


=== libpkix: an RFC 3280 Compliant Certificate Path Validation Library ===
- Add PKCS#11 PEM Reader [402712]


We are implementing libpkix, a new certificate path validation library that supports the certificate and CRL profile specified in RFC 3280.
- Create brand new NSS samples [490238]


libpkix will add to NSS several features that are long overdue, such as certificate policy, cross-certification (Federal Bridge CA), and delta CRLs.
- split out from softoken common components to util [753116]


New variants of CERT_VerifyCert will be added that use libpkix for certificate path validation.
== Proposals for NSS 3.13 ==


=== SQLite-Based Multiaccess Certificate and Key Databases ===
1. Switch Firefox to libpkix.


Many client applications, such as Firefox, Thunderbird, Evolution, and OpenOffice.org, use NSS, but they each have their own certificate and key databases. As a result, for example, if you import and trust a certificate in Firefox, you will not see it in Thunderbird. This is because Berkeley DB 1.85, the database NSS currently uses, can't be used by multiple processes.
2. Switch Firefox to sqlite shared DB.


Although new versions of Berkeley DB (from Sleepycat Software) support multiprocess access, its open source license is incompatible with the Mozilla Public License (MPL).  
3. Implement TLS 1.2.


We are planning to implement a multiaccess database using [http://www.sqlite.org/ SQLite], which is in the "public domain". Other Mozilla teams are adopting SQLite, making it a logical choice for the NSS project as well.
4. Implement OCSP stapling and OCSP response disk cache.


Since libpkix is significant amount of work, it is likely that the multiaccess database feature will be postponed to NSS 3.13.
5. Add PKCS#11 PEM Reader [402712] moved to 3.14


<b>Note:</b> This change will affect code inside the FIPS 140-2 defined cryptographic module boundaries. Therefore, we will need to document these changes and obtain a delta validation.
6. Create brand new NSS samples [490238] moved to 3.14


= Future Work: NSS 3.13 and Beyond =
7. Add localizable error messages for NSS error codes [172051] done


== Biometrics ==
8. Remove function definitions from pk11pars.h [466042] moved to 3.14
 
and replaced bt
NSS needs to support external biometrics to unlock tokens. Today there are limitation in the PKCS#11 specifications which make it hard to replace the traditional smartcard PIN UI prompt with an external biometric operation. For example, we would like to unlock smartcards using a fingerprint reader or retina scanner.


= Schedules =
= Schedules =
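Review bot: the new "Proposals for NSS 3.14" and "Proposals for NSS 3.13" sections use "-" and "1." line prefixes, which MediaWiki does not render as lists; use "*" and "#" as the rest of the page does, and turn the bare bracketed bug numbers such as "[402712]" into Bugzilla links in the "[https://bugzilla.mozilla.org/show_bug.cgi?id=... Bugzilla bug ...]" form used elsewhere on the page. The fragment "and replaced bt" after item 8 is an unfinished sentence and should be completed or removed. In the Biometrics paragraph, "there are limitation" should read "there are limitations", and "- Need to add more here" under the 3.14 heading is an author placeholder that should not ship in the saved revision.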
Line 123: Line 160:
== NSS 3.11.2 ==
== NSS 3.11.2 ==
* RTM: June 23, 2006
* RTM: June 23, 2006
== NSS 3.11.3 ==
* RTM: September 10, 2006
== NSS 3.11.4 ==
* RTM: November 17, 2006
== NSS 3.11.5 ==
* RTM: January 18, 2007
== NSS 3.11.6 ==
* RTM: February 14, 2007
== NSS 3.11.7 ==
* RTM: May 28, 2007
== NSS 3.11.8 ==
* RTM: November 08, 2007
== NSS 3.11.9 ==
* RTM: January 31, 2008


== NSS 3.12 ==
== NSS 3.12 ==
* Feature Complete: TBD
* RTM: June 17, 2008
* Beta: TBD
* RTM: 2006 Q4


== NSS 3.13 ==
== NSS 3.13 ==
* RTM: Oct 18, 2011
== NSS 3.14 ==
* Feature Complete: TBD
* Feature Complete: TBD
* Beta: TBD
* Beta: TBD
* RTM: TBD
* RTM: TBD
[[Category:NSS]]
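Review bot: the added RTM dates mix formats ("Oct 18, 2011" beside "June 17, 2008" and "November 08, 2007"); spell the month out consistently. The NSS 3.13 entry also drops the "Feature Complete" and "Beta" lines that every other release in this list keeps, so the schedule is now uneven; either add them or state why they are omitted.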