Security/CryptoEngineering: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Link to more NSS pages)
(whitespace)
 
(30 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Projects =
'''Mission''': Use modern cryptography to improve the security and privacy of Firefox


== [[NSS]] ==
Protect Firefox users on the Internet through up-to-date cryptographic protocols
The crypto library that powers Firefox


=== Improve Developer Ergonomics ===
* Maintain the cryptography and transport security library that powers Firefox, [[NSS]]
* 2016 Q4: [[NSS/Build_System|Change build systems to Gyp]]
* Enforce the technical policies of the Mozilla [[CA|CA Certificate Program]]
* 2016 Q4: Move reviews to Phabricator
* Lead the adoption of cryptographic technologies to improve security throughout Firefox
* 2016 Q4: Semi-Automatic Branch Uplifts to Mozilla-Central


=== Cleanup ===
= Crypto Engineering Projects =
* 2016 Q4: Support ARM and ARM64 testing in TaskCluster
 
* 2016 Q4: Support fuzzing the internal interfaces
Our team's major projects are broken down by module:
* 2016 Q4: Port the AES-NI Linux-x86 assembly to NASM and cross-compile for Windows and OSX
 
== [[NSS]] ==
NSS is the cryptography and transport security library that powers Firefox.


=== New Functions ===
* 2016 Q4: Support TLS v1.3
* 2016 Q4: [[NSS/BoGo_Tests|Integrate BoGo's integration tests into NSS builds]]
* 2016 Q4: [[NSS/ARGON2|MWOS Support Argon2]]
* 2016 Q4: [[NSS/Demos|MWOS Add new NSS demonstration code]]
* 2017 Q1: Post-Quantum Research


== PSM ==
== PSM ==
* 2016 Q4: Rearchitect PSM/NSS interaction to eliminate shutdown crashes
PSM performs the business logic of deciding whether a given secure network connection is actually trustworthy. It applies logic from the user's choices, the Mozilla Root Program, and the platform in order to make a trust determination. E.g., whether to show a connection as secure.
* 2016 Q4 / 2017 Q1: [[Security/CryptoEngineering/SHA-1|SHA-1 Shutoff Plan]]
 
* [[Security/CryptoEngineering/Intermediate Preloading|Intermediate Preloading]]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=1464828 OS-supplied Data at Rest Protections]


== Web Authentication ==
== Web Authentication ==
* 2016 Q2: FIDO U2F v1.1 JS API landed behind a pref. Test at https://u2f.bin.coffee/
See [[Security/Web Authentication]]
* 2016 Q4: Support USB HID U2F devices on Linux
* 2016 Q4: Draft WebAuthn JS API landed behind a pref, using the Soft Token
* 2017 Q1: Support USB HID U2F devices on Windows / Mac OS X

Latest revision as of 17:27, 25 September 2020

Mission: Use modern cryptography to improve the security and privacy of Firefox

Protect Firefox users on the Internet through up-to-date cryptographic protocols

  • Maintain the cryptography and transport security library that powers Firefox, NSS
  • Enforce the technical policies of the Mozilla CA Certificate Program
  • Lead the adoption of cryptographic technologies to improve security throughout Firefox

Crypto Engineering Projects

Our team's major projects are broken down by module:

NSS

NSS is the cryptography and transport security library that powers Firefox.


PSM

PSM performs the business logic of deciding whether a given secure network connection is actually trustworthy. It applies logic from the user's choices, the Mozilla Root Program, and the platform in order to make a trust determination. E.g., whether to show a connection as secure.

Web Authentication

See Security/Web Authentication

Retrieved from "https://wiki.allizom.org/index.php?title=Security/CryptoEngineering&oldid=1231075"