Security/CryptoEngineering: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(note the DAR support)
(move webauthn)
Line 22: Line 22:


== Web Authentication ==
== Web Authentication ==
Password authentication is known to be a security liability on the Web. The [https://www.w3.org/TR/webauthn/ W3C Web Authentication Working Group is developing a specification] for using Scoped Credentials to supplement or replace passwords. Mozilla intends to continue supporting the Web Authentication (WebAuthn) specification.
See [[Security/Web Authentication]]
 
==== Useful testing sites ====
 
Web Authentication:
* https://webauthn.bin.coffee/
* https://webauthn.io/
* https://webauthndemo.appspot.com/
* https://demo.yubico.com/webauthn/
 
U2F (behind a pref, experimental, not released):
* https://u2fdemo.appspot.com/
* https://github.com/
* https://u2f.bin.coffee/
* https://demo.yubico.com/u2f

Revision as of 17:27, 25 September 2020

Mission: Use modern cryptography to improve the security and privacy of Firefox

Protect Firefox users on the Internet through up-to-date cryptographic protocols

  • Maintain the cryptography and transport security library that powers Firefox, NSS
  • Enforce the technical policies of the Mozilla CA Certificate Program
  • Lead the adoption of cryptographic technologies to improve security throughout Firefox

Crypto Engineering Projects

Our team's major projects are broken down by module:

NSS

NSS is the cryptography and transport security library that powers Firefox.


PSM

PSM performs the business logic of deciding whether a given secure network connection is actually trustworthy. It applies logic from the user's choices, the Mozilla Root Program, and the platform in order to make a trust determination. E.g., whether to show a connection as secure.

Web Authentication

See Security/Web Authentication
Retrieved from "https://wiki.allizom.org/index.php?title=Security/CryptoEngineering&oldid=1231074"