439
edits
NSS:Roadmap: Difference between revisions
→Future Work: NSS 3.13 and Beyond
No edit summary |
|||
| Line 109: | Line 109: | ||
NSS needs to support external biometrics to unlock tokens. Today there are limitation in the PKCS#11 specifications which make it hard to replace the traditional smartcard PIN UI prompt with an external biometric operation. For example, we would like to unlock smartcards using a fingerprint reader or retina scanner. | NSS needs to support external biometrics to unlock tokens. Today there are limitation in the PKCS#11 specifications which make it hard to replace the traditional smartcard PIN UI prompt with an external biometric operation. For example, we would like to unlock smartcards using a fingerprint reader or retina scanner. | ||
== Capture from NSS 3.12 planning == | |||
Some of these items are already documented above. Some (many) of these items will be put off to the next release. | |||
* LibPKIX support | |||
** EV Certificates | |||
** OCSP Cache | |||
* Shared DB | |||
** Could add requirement for a new FIPS validation | |||
* SSL | |||
** Server side SNI | |||
** Support curve based certificate selection for ECC certs. | |||
** Server side DHE | |||
** Support single use keys | |||
** OCSP stapling (requires OCSP Cache). | |||
* interoperability | |||
** capi PKCS 11 | |||
** mac key ring PKCS 11 | |||
** pem file PKCS 11 | |||
* ECC for S/MIME | |||
* Language bindings for other languages (scripting languages like perl/python/php | |||
* Improved tools | |||
** certutil | |||
** pkcs 7 cert packager | |||
** better diagnostics for pk12util | |||
** rationalized options | |||
** localization of tools | |||
* Phone home root certs | |||
* Better NSS documentations | |||
** tools (Unix man pages) | |||
** API's | |||
** HW security modules (tools and test suites). | |||
= Schedules = | = Schedules = | ||