NSS:Roadmap: Difference between revisions

← Older edit

NSS:Roadmap (view source)

Revision as of 20:56, 1 June 2012

1,272 bytes added , 1 June 2012

→‎Proposals for NSS 3.14

Emaldona

14

edits

@@ Line 21: / Line 21: @@
 We are implementing libpkix, a new certificate path validation library that supports the certificate and CRL profile specified in RFC 3280.
-libpkix will add to NSS several features that are long overdue, such as certificate policy extension handling, cross-certification (Federal Bridge CA), and delta CRLs.
+libpkix will add to NSS several features that are long overdue, such as certificate policy extension handling, cross-certification (Federal Bridge CA), and (we hope) fetching of CRLs from certificates' CRLDP extensions.
 A new variant of CERT_VerifyCert will be added that uses libpkix for certificate path validation, and the old CERT_Verify functions will optionally use libPKIX with limited capability.
@@ Line 37: / Line 37: @@
 We are planning to implement a shareable database using [http://www.sqlite.org/ SQLite], which is in the "public domain". Other Mozilla teams are adopting SQLite, making it a logical choice for the NSS project as well.
-<b>Note:</b> This change will affect code inside the FIPS 140-2 defined cryptographic module boundaries. Therefore, we will need to document these changes and obtain a delta validation.
+<b>Note:</b> This change will affect code inside the FIPS 140-2 defined cryptographic module boundaries. Therefore, we will need to document these changes and obtain a new FIPS validation.
 [[ NSS_Shared_DB|Proposed Shareable Database Design Document is here.]]<br>
@@ Line 57: / Line 57: @@
 A document on refactoring for NSS 3.12 is available [[NSS_Refactor_3_12|here]].
+=== Handling Multiple Initializations of NSS ===
+NSS was designed as a library that a single application would use. The application would control how NSS was initialized and configured. Applications would initialize NSS early before any other libraries that used NSS could run. With more libraries using NSS, the chance that more than one library will try to initialize NSS, or the chance that a given library will initialize NSS before the application gets a chance to start increases.
+A proposal to fix this is [[NSS_Library_Init|here]].
 == Capture from NSS 3.12 planning ==
@@ Line 111: / Line 117: @@
 NSS needs to support external biometrics to unlock tokens. Today there are limitation in the PKCS#11 specifications which make it hard to replace the traditional smartcard PIN UI prompt with an external biometric operation. For example, we would like to unlock smartcards using a fingerprint reader or retina scanner.
+== Proposals for NSS 3.14 ==
+- Need to add more here
+- Add PKCS#11 PEM Reader [402712]
+- Create brand new NSS samples [490238]
+- split out from softoken common components to util [753116]
+== Proposals for NSS 3.13 ==
+. Switch Firefox to libpkix.
+. Switch Firefox to sqlite shared DB.
+. Implement TLS 1.2.
+. Implement OCSP stapling and OCSP response disk cache.
+. Add PKCS#11 PEM Reader [402712] moved to 3.14
+. Create brand new NSS samples [490238] moved to 3.14
+. Add localizable error messages for NSS error codes [172051] done
+. Remove function definitions from pk11pars.h [466042] moved to 3.14
+and replaced bt
 = Schedules =
@@ Line 151: / Line 186: @@
 == NSS 3.13 ==
+* RTM: Oct 18, 2011
+== NSS 3.14 ==
 * Feature Complete: TBD
 * Beta: TBD