NSS:Roadmap: Difference between revisions

From MozillaWiki
mNo edit summary
 
(28 intermediate revisions by 7 users not shown)
Line 1: Line 1:
Updated: June 15, 2006 by Wan-Teh Chang
    <!-- start content -->
    <div class="boilerplate metadata" id="attention" style="background-color: #f3f9ff; margin: 0 2.5%; padding: 0 10px; border: 1px solid #aaa;">
<p><strong>All your base are belong to us!</strong><br />
Please edit [[Pelican shit|this page]] for great justice.
</p>
</div >
= Introduction =
= Introduction =


Welcome to the [http://www.mozilla.org/projects/security/pki/nss/ NSS] roadmap. NSS is a collection of cryptographic libraries used for performing functions like setting up SSL connections or encrypting messages using the S/MIME standard. In 2005-2006, we plan to make at lease three NSS releases: NSS 3.11, NSS 3.11.1, and NSS 3.12. This roadmap outlines the features and schedule estimates for these upcoming NSS releases. These releases will address the needs of the Mozilla clients, as well as the needs of Red Hat and Sun Microsystems server products and related technologies. Other consumers of NSS will also benefit from the performance and standards compliance features.
Welcome to the [http://www.mozilla.org/projects/security/pki/nss/ NSS] roadmap. NSS is a collection of cryptographic libraries used for performing functions like setting up SSL connections or encrypting messages using the S/MIME standard. In 2007, we plan to make on major NSS releases: NSS 3.12. This roadmap outlines the features and schedule estimates for these upcoming NSS releases. These releases will address the needs of the Mozilla clients, as well as the needs of Red Hat and Sun Microsystems server products and related technologies. Other consumers of NSS will also benefit from the performance and standards compliance features.


= NSS 3.11 =
= NSS 3.11 =


== NSS 3.11 Major Features ==
NSS 3.11 Roadmap has been moved to [[NSS:Roadmap:Archive ]].


===FIPS 140-2 Validation ===
===FIPS 140-2 Validation ===
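Review bot: The revised Introduction sentence "In 2007, we plan to make on major NSS releases: NSS 3.12" has a typo and a number mismatch; it should read "one major NSS release". The sentences after it still say "these upcoming NSS releases" and "These releases will address", wording carried over from the earlier three-release plan, so they should be adjusted to match the single planned release. The "NSS 3.11" heading now holds only a pointer to [[NSS:Roadmap:Archive ]] (note the stray space before the closing brackets) while the FIPS 140-2 Validation subsection remains under it; say whether that subsection is meant to stay here or move to the archive as well.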
Line 21: Line 13:
Many people ask us which version of the Mozilla clients (Firefox browser and Thunderbird mail client) will contain a FIPS 140-2 validated cryptographic module. These plans are still being reviewed, but we expect Mozilla to be able to ship the FIPS 140-2 validated module in the 2.0 release. [http://weblogs.mozillazine.org/roadmap/archives/2005_12.html Here is the current Firefox Roadmap]. Of course, any change in the NSS schedule or the Mozilla schedule could cause this target to move.
Many people ask us which version of the Mozilla clients (Firefox browser and Thunderbird mail client) will contain a FIPS 140-2 validated cryptographic module. These plans are still being reviewed, but we expect Mozilla to be able to ship the FIPS 140-2 validated module in the 2.0 release. [http://weblogs.mozillazine.org/roadmap/archives/2005_12.html Here is the current Firefox Roadmap]. Of course, any change in the NSS schedule or the Mozilla schedule could cause this target to move.


=== SSL Performance Enhancements ===
= NSS 3.12 =  


We will work to further improve NSS's software SSL performance. The multiprecision arithmetic ("big num") library and some algorithms (such as SHA-1) will be heavily optimized. For additional performance boost, the SSL library can be configured to call the low-level crypto library (libfreebl3.so) directly, bypassing the PKCS #11 layer. (Note: applications using NSS wanting to run in FIPS 140-2 mode will need to leave the bypass turned <i>off</i> (which is the default) to remain compliant. For other restrictions applications need to observe when using NSS to remain compliant, please see the [[FIPS Application Requirements]] page ***CREATE PAGE!!**
== NSS 3.12 Major Features (Planned) ==


== NSS 3.11 Minor Features ==
=== libpkix: an RFC 3280 Compliant Certificate Path Validation Library ===


=== Enable NSS to Use Tokens That Support ANSI X9.31 RSA Key Pair Generation ===
We are implementing libpkix, a new certificate path validation library that supports the certificate and CRL profile specified in RFC 3280.


[http://www.rsasecurity.com/rsalabs/node.asp?id=2306 ANSI X9.31] specifies a method to generate RSA public/private key pairs whose p and q values meet strong primes requirements. Some hardware security modules support X9.31 RSA key pair generation.
libpkix will add to NSS several features that are long overdue, such as certificate policy extension handling, cross-certification (Federal Bridge CA), and (we hope) fetching of CRLs from certificates' CRLDP extensions.


We would like to enable one to pass the CKM_RSA_X9_31_KEY_PAIR_GEN mechanism to PK11_GenerateKeyPair. See [https://bugzilla.mozilla.org/show_bug.cgi?id=302219 Bugzilla bug 302219].
A new variant of CERT_VerifyCert will be added that uses libpkix for certificate path validation, and the old CERT_Verify functions will optionally use libPKIX with limited capability.


=== Hardware Security Module (HSM) Key Generation Fixes ===
Here are some design documents related to this project:


There are two enhancement requests. The first one is to generate a symmetric key with the CKA_UNWRAP attribute. We fixed this by the new function PK11_TokenKeyGenWithFlags function. The second one is to generate a public/private key pair with the CKA_EXTRACTABLE attribute. The fix is still being designed.
[[ NSS:Revocation_API_Proposals|Specifying revocation checking for CERT_PKIXVerifyCert]]


These two new functions will be introduced in NSS 3.10.2.
=== SQLite-Based Shareable Certificate and Key Databases ===


=== Countermeasures for Cache Timing Attacks ===
Many client applications, such as Firefox, Thunderbird, Evolution, and OpenOffice.org, use NSS, but they each have their own certificate and key databases. As a result, for example, if you import and trust a certificate in Firefox, you will not see it in Thunderbird. This is because Berkeley DB 1.85, the database NSS currently uses, can't be shared by multiple processes.


We have re-implemented the multiplication and exponentiation routines in our multiprecision arithmetic ("big num") library to defend against cache timing attacks.
Although new versions of Berkeley DB (from Sleepycat Software) support multiprocess access, its open source license is incompatible with the Mozilla Public License (MPL).  


=== NSS RPM ===
We are planning to implement a shareable database using [http://www.sqlite.org/ SQLite], which is in the "public domain". Other Mozilla teams are adopting SQLite, making it a logical choice for the NSS project as well.


The current [http://www.mozilla.org/projects/nspr/ NSPR] and NSS RPMs in Red Hat Enterprise Linux and Fedora Core are created as byproducts of the Mozilla client RPM. They are called mozilla-nspr and mozilla-nss, and they use Mozilla's version numbers (such as 1.7.10).
<b>Note:</b> This change will affect code inside the FIPS 140-2 defined cryptographic module boundaries. Therefore, we will need to document these changes and obtain a new FIPS validation.


We want to create the official NSPR and NSS RPMs, independent of the Mozilla RPM and with the right version numbers, that all NSPR and NSS based applications can use.
[[ NSS_Shared_DB|Proposed Shareable Database Design Document is here.]]<br>
[[ NSS_Shared_DB_Test|Instructions to build the Shareable DB.]]<br>
[[ NSS_Shared_DB_Samples|Instructions to test the Shareable DB alpha.]]<br>
[[ NSS_Shared_DB_And_LINUX|How LINUX Applications should initialize NSS. ]]


A prerequisite for this work is to enhance the Mozilla client build system so that it can build with the pre-built NSPR and NSS installed by these RPMs.
=== Component Refactoring ===


We also need to decide which NSS tools to ship. The candidate list is certutil, modutil, pk12util, signtool, and ssltap.
NSS is made up of several components, some of which can be separated out from each other for packaging (and potentially) building purposes. For NSS 3.12 we would like to make sure the following components are separable:


= NSS 3.11.1 =
nssckbi (and ideally all of ckfw). It would be nice to ship nssckbi libraries separate from base NSS.


== NSS 3.11.1 Features ==
softoken/freebl. These are our FIPS components. we want to make sure they are totally separated from the rest of NSS.


=== OCSP HTTP Client Callback ===
util library.  Eliminate multiple copies of libutil functions that are linked in to multiple other shared libraries by making libutil a shared library.


We will add OCSP HTTP client callback support ([https://bugzilla.mozilla.org/show_bug.cgi?id=152426 Bugzilla bug 152426]) so that Firefox 2.0 can do OCSP through a proxy server ([https://bugzilla.mozilla.org/show_bug.cgi?id=111384 Bugzilla bug 111384]).
A document on refactoring for NSS 3.11 is available [[NSS_Refactor_3_11|here]].


=== Elliptic Curve Cryptography ===
A document on refactoring for NSS 3.12 is available [[NSS_Refactor_3_12|here]].


The NSS codebase currently contains [http://en.wikipedia.org/wiki/Elliptic_curve_cryptography Elliptic Curve Cryptography (ECC)] algorithms donated by Sun Labs; however, they are turned off by default in the builds script. In this release we will implement the ECC TLS cipher suites specified in RFC 4492 ([https://bugzilla.mozilla.org/show_bug.cgi?id=236245 Bugzilla bug 236245]).
=== Handling Multiple Initializations of NSS ===


This work was originally scheduled for NSS 3.12. We have decided to do it earlier in NSS 3.11.1.
NSS was designed as a library that a single application would use. The application would control how NSS was initialized and configured. Applications would initialize NSS early before any other libraries that used NSS could run. With more libraries using NSS, the chance that more than one library will try to initialize NSS, or the chance that a given library will initialize NSS before the application gets a chance to start increases.


=== TLS Server Name Indication ===
A proposal to fix this is [[NSS_Library_Init|here]].


We are considering accelerating the implementation of the TLS Server Name Indication (SNI) extension (see RFC 3546) in light of a recent IEBlog [http://blogs.msdn.com/ie/archive/2005/10/22/483795.aspx Upcoming HTTPS Improvements in Internet Explorer 7 Beta 2].
== Capture from NSS 3.12 planning ==


This work was originally scheduled for NSS 3.12. We have decided to do it earlier in NSS 3.11.1.
Some of these items are already documented above. Some (many) of these items will be put off to later releases.


= NSS 3.11.2 =
* IN (Planned for NSS 3.12, underway)
** LibPKIX support
*** Most features, but see below
** Shareable DB 
*** Could add requirement for a new FIPS validation
** Refactoring
*** Util
** OCSP Response Cache
** Tool Improvements
*** certutil support additional cert extensions
*** long option name support
* Uncertain
** Refactoring
*** nssckbi
*** softoken/freebl
** PKCS11 modules to access foreign key stores
*** CAPI
*** Mac keychain
*** a PEM file
** LibPKIX features
*** Non-blocking cert verification
*** CRL Fetching using CRLDP extensions
* OUT (Not likely to be in NSS 3.12)
** SSL enhancements
*** Server side SNI
*** Support curve based certificate selection for ECC certs.
*** Server side DHE
*** Support single use keys
*** OCSP stapling (requires OCSP Cache).
** Tool Improvements
*** pkcs 7 cert packager
*** better diagnostics for pk12util
*** rationalized option names
*** localization of tools
** ECC for S/MIME
** Language bindings for scripting languages
*** Perl
*** Python
** Phone home root certs
** Better NSS documentation
*** tools (Unix man pages)
*** API's
*** HW security modules (PKCS #11 tools and test suites).


NSS 3.11.2 is a bug-fix patch release. It will include
= Future: Work that may come after the release of NSS 3.12 =
* FIPS 140-2 features: logging auditable events, new cryptographic algorithm tests,
* fixes for the regressions introduced in NSS 3.11 or 3.11.1,
* fixes for the crashes or memory errors discovered by [http://www.coverity.com/ Coverity], and
* two new root CA certificates.


= NSS 3.11.5 (FIPS) =
== Biometrics ==


The version number 3.11.5 has been reserved for the NSS 3.11.x release that
NSS needs to support external biometrics to unlock tokens. Today there are limitation in the PKCS#11 specifications which make it hard to replace the traditional smartcard PIN UI prompt with an external biometric operation. For example, we would like to unlock smartcards using a fingerprint reader or retina scanner.
will pass FIPS 140-2 validation.
 
= NSS 3.12 =
 
== NSS 3.12 Major Features ==
 
=== libpkix: an RFC 3280 Compliant Certificate Path Validation Library ===
 
We are implementing libpkix, a new certificate path validation library that supports the certificate and CRL profile specified in RFC 3280.
 
libpkix will add to NSS several features that are long overdue, such as certificate policy, cross-certification (Federal Bridge CA), and delta CRLs.


New variants of CERT_VerifyCert will be added that use libpkix for certificate path validation.
== Proposals for NSS 3.14 ==


=== SQLite-Based Multiaccess Certificate and Key Databases ===
- Need to add more here


Many client applications, such as Firefox, Thunderbird, Evolution, and OpenOffice.org, use NSS, but they each have their own certificate and key databases. As a result, for example, if you import and trust a certificate in Firefox, you will not see it in Thunderbird. This is because Berkeley DB 1.85, the database NSS currently uses, can't be used by multiple processes.
- Add PKCS#11 PEM Reader [402712]


Although new versions of Berkeley DB (from Sleepycat Software) support multiprocess access, its open source license is incompatible with the Mozilla Public License (MPL).
- Create brand new NSS samples [490238]


We are planning to implement a multiaccess database using [http://www.sqlite.org/ SQLite], which is in the "public domain". Other Mozilla teams are adopting SQLite, making it a logical choice for the NSS project as well.
- split out from softoken common components to util [753116]


Since libpkix is significant amount of work, it is likely that the multiaccess database feature will be postponed to NSS 3.13.
== Proposals for NSS 3.13 ==


<b>Note:</b> This change will affect code inside the FIPS 140-2 defined cryptographic module boundaries. Therefore, we will need to document these changes and obtain a delta validation.
1. Switch Firefox to libpkix.


[[ NSS_Shared_DB|Proposed Shared Database Design Document is here.]]
2. Switch Firefox to sqlite shared DB.


= Future Work: NSS 3.13 and Beyond =
3. Implement TLS 1.2.


== Biometrics ==
4. Implement OCSP stapling and OCSP response disk cache.


NSS needs to support external biometrics to unlock tokens. Today there are limitation in the PKCS#11 specifications which make it hard to replace the traditional smartcard PIN UI prompt with an external biometric operation. For example, we would like to unlock smartcards using a fingerprint reader or retina scanner.
5. Add PKCS#11 PEM Reader [402712] moved to 3.14


== Capture from NSS 3.12 planning ==
6. Create brand new NSS samples [490238] moved to 3.14


Some of these items are already documented above. Some (many) of these items will be put off to the next release.
7. Add localizable error messages for NSS error codes [172051] done


* LibPKIX support
8. Remove function definitions from pk11pars.h [466042] moved to 3.14
** EV Certificates
and replaced bt
** OCSP Cache
* Shared DB
** Could add requirement for a new FIPS validation
* SSL
** Server side SNI
** Support curve based certificate selection for ECC certs.
** Server side DHE
** Support single use keys
** OCSP stapling (requires OCSP Cache).
* interoperability
** capi PKCS 11
** mac key ring PKCS 11
** pem file PKCS 11
* ECC for S/MIME
* Language bindings for other languages (scripting languages like perl/python/php
* Improved tools
** certutil
** pkcs 7 cert packager
** better diagnostics for pk12util
** rationalized options
** localization of tools
* Phone home root certs
* Better NSS documentations
** tools (Unix man pages)
** API's
** HW security modules (tools and test suites).


= Schedules =
= Schedules =
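Review bot: Item 8 of the new "Proposals for NSS 3.13" list ends mid-phrase ("moved to 3.14" followed by "and replaced bt"), so the reader cannot tell what replaced the pk11pars.h change; finish the sentence or drop the fragment. The "Proposals for NSS 3.14" list still opens with the placeholder "- Need to add more here" and is placed before the 3.13 proposals, which reads out of order. The bracketed numbers such as [402712] and [490238] carry no link or label, unlike the "Bugzilla bug 302219" style links used elsewhere in this hunk. In the Biometrics paragraph, "there are limitation" should be "there are limitations".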
Line 164: Line 160:
== NSS 3.11.2 ==
== NSS 3.11.2 ==
* RTM: June 23, 2006
* RTM: June 23, 2006
== NSS 3.11.3 ==
* RTM: September 10, 2006
== NSS 3.11.4 ==
* RTM: November 17, 2006
== NSS 3.11.5 ==
* RTM: January 18, 2007
== NSS 3.11.6 ==
* RTM: February 14, 2007
== NSS 3.11.7 ==
* RTM: May 28, 2007
== NSS 3.11.8 ==
* RTM: November 08, 2007
== NSS 3.11.9 ==
* RTM: January 31, 2008


== NSS 3.12 ==
== NSS 3.12 ==
* Feature Complete: TBD
* RTM: June 17, 2008
* Beta: TBD
* RTM: TBD


== NSS 3.13 ==
== NSS 3.13 ==
* RTM: Oct 18, 2011
== NSS 3.14 ==
* Feature Complete: TBD
* Feature Complete: TBD
* Beta: TBD
* Beta: TBD
* RTM: TBD
* RTM: TBD
[[Category:NSS]]
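Review bot: The dates added to the Schedules section use mixed formats: "Oct 18, 2011" abbreviates the month and "November 08, 2007" zero-pads the day, while the other entries read like "June 23, 2006". Pick one format for all RTM lines. The NSS 3.12 entry also drops its "Feature Complete" and "Beta" lines in favour of a single RTM date, while NSS 3.14 keeps all three as TBD; either list the milestones consistently or state that only RTM dates are tracked for shipped releases.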

Latest revision as of 20:56, 1 June 2012

Introduction

Welcome to the NSS roadmap. NSS is a collection of cryptographic libraries used for performing functions like setting up SSL connections or encrypting messages using the S/MIME standard. In 2007, we plan to make one major NSS release: NSS 3.12. This roadmap outlines the features and schedule estimates for upcoming NSS releases. These releases will address the needs of the Mozilla clients, as well as the needs of Red Hat and Sun Microsystems server products and related technologies. Other consumers of NSS will also benefit from the performance and standards compliance features.

NSS 3.11

The NSS 3.11 Roadmap has been moved to NSS:Roadmap:Archive.

FIPS 140-2 Validation

The software cryptographic module (libsoftokn3.so) in NSS 3.11 will be submitted to BKP Security, an external validation lab, for FIPS 140-2 validation. To complete the validation, we will produce some code and a lot of documentation to demonstrate that NSS adheres to the standards. This work is being tracked in our FIPS Wiki page. We are making our documentation for FIPS 140-2 validation available on our FIPS Wiki page to make it easier for other vendors to validate other versions of NSS.

Many people ask us which version of the Mozilla clients (Firefox browser and Thunderbird mail client) will contain a FIPS 140-2 validated cryptographic module. These plans are still being reviewed, but we expect Mozilla to be able to ship the FIPS 140-2 validated module in the 2.0 release. Here is the current Firefox Roadmap. Of course, any change in the NSS schedule or the Mozilla schedule could cause this target to move.

NSS 3.12

NSS 3.12 Major Features (Planned)

libpkix: an RFC 3280 Compliant Certificate Path Validation Library

We are implementing libpkix, a new certificate path validation library that supports the certificate and CRL profile specified in RFC 3280.

libpkix will add to NSS several features that are long overdue, such as certificate policy extension handling, cross-certification (Federal Bridge CA), and (we hope) fetching of CRLs from certificates' CRLDP extensions.

A new variant of CERT_VerifyCert will be added that uses libpkix for certificate path validation, and the old CERT_Verify functions will optionally use libpkix with limited capability.

Here are some design documents related to this project:

Specifying revocation checking for CERT_PKIXVerifyCert

SQLite-Based Shareable Certificate and Key Databases

Many client applications, such as Firefox, Thunderbird, Evolution, and OpenOffice.org, use NSS, but they each have their own certificate and key databases. As a result, for example, if you import and trust a certificate in Firefox, you will not see it in Thunderbird. This is because Berkeley DB 1.85, the database NSS currently uses, can't be shared by multiple processes.

Although new versions of Berkeley DB (from Sleepycat Software) support multiprocess access, its open source license is incompatible with the Mozilla Public License (MPL).

We are planning to implement a shareable database using SQLite, which is in the "public domain". Other Mozilla teams are adopting SQLite, making it a logical choice for the NSS project as well.

Note: This change will affect code inside the FIPS 140-2 defined cryptographic module boundaries. Therefore, we will need to document these changes and obtain a new FIPS validation.

Proposed Shareable Database Design Document is here.
Instructions to build the Shareable DB.
Instructions to test the Shareable DB alpha.
How LINUX Applications should initialize NSS.

Component Refactoring

NSS is made up of several components, some of which can be separated out from each other for packaging (and potentially building) purposes. For NSS 3.12 we would like to make sure the following components are separable:

nssckbi (and ideally all of ckfw). It would be nice to ship nssckbi libraries separate from base NSS.

softoken/freebl. These are our FIPS components. We want to make sure they are totally separated from the rest of NSS.

util library. Eliminate multiple copies of libutil functions that are linked into multiple other shared libraries by making libutil a shared library.

A document on refactoring for NSS 3.11 is available here.

A document on refactoring for NSS 3.12 is available here.

Handling Multiple Initializations of NSS

NSS was designed as a library that a single application would use. The application would control how NSS was initialized and configured. Applications would initialize NSS early, before any other libraries that used NSS could run. With more libraries using NSS, there is a growing chance that more than one library will try to initialize NSS, or that a given library will initialize NSS before the application gets a chance to start.

A proposal to fix this is here.

Capture from NSS 3.12 planning

Some of these items are already documented above. Some (many) of these items will be put off to later releases.

  • IN (Planned for NSS 3.12, underway)
    • LibPKIX support
      • Most features, but see below
    • Shareable DB
      • Could add requirement for a new FIPS validation
    • Refactoring
      • Util
    • OCSP Response Cache
    • Tool Improvements
      • certutil support additional cert extensions
      • long option name support
  • Uncertain
    • Refactoring
      • nssckbi
      • softoken/freebl
    • PKCS11 modules to access foreign key stores
      • CAPI
      • Mac keychain
      • a PEM file
    • LibPKIX features
      • Non-blocking cert verification
      • CRL Fetching using CRLDP extensions
  • OUT (Not likely to be in NSS 3.12)
    • SSL enhancements
      • Server side SNI
      • Support curve based certificate selection for ECC certs.
      • Server side DHE
      • Support single use keys
      • OCSP stapling (requires OCSP Cache).
    • Tool Improvements
      • pkcs 7 cert packager
      • better diagnostics for pk12util
      • rationalized option names
      • localization of tools
    • ECC for S/MIME
    • Language bindings for scripting languages
      • Perl
      • Python
    • Phone home root certs
    • Better NSS documentation
      • tools (Unix man pages)
      • APIs
      • HW security modules (PKCS #11 tools and test suites).

Future: Work that may come after the release of NSS 3.12

Biometrics

NSS needs to support external biometrics to unlock tokens. Today there are limitations in the PKCS#11 specifications which make it hard to replace the traditional smartcard PIN UI prompt with an external biometric operation. For example, we would like to unlock smartcards using a fingerprint reader or retina scanner.

Proposals for NSS 3.14

- Need to add more here

- Add PKCS#11 PEM Reader [402712]

- Create brand new NSS samples [490238]

- split out from softoken common components to util [753116]

Proposals for NSS 3.13

1. Switch Firefox to libpkix.

2. Switch Firefox to sqlite shared DB.

3. Implement TLS 1.2.

4. Implement OCSP stapling and OCSP response disk cache.

5. Add PKCS#11 PEM Reader [402712] moved to 3.14

6. Create brand new NSS samples [490238] moved to 3.14

7. Add localizable error messages for NSS error codes [172051] done

8. Remove function definitions from pk11pars.h [466042] moved to 3.14 and replaced bt

Schedules

NSS 3.11

  • Feature Complete: 8/31/2005
  • Beta: 9/12/2005
  • RTM: 12/16/2005
  • FIPS 140-2 validation: 2006 Q3

NSS 3.11.1

  • RTM: May 8, 2006

NSS 3.11.2

  • RTM: June 23, 2006

NSS 3.11.3

  • RTM: September 10, 2006

NSS 3.11.4

  • RTM: November 17, 2006

NSS 3.11.5

  • RTM: January 18, 2007

NSS 3.11.6

  • RTM: February 14, 2007

NSS 3.11.7

  • RTM: May 28, 2007

NSS 3.11.8

  • RTM: November 08, 2007

NSS 3.11.9

  • RTM: January 31, 2008

NSS 3.12

  • RTM: June 17, 2008

NSS 3.13

  • RTM: Oct 18, 2011

NSS 3.14

  • Feature Complete: TBD
  • Beta: TBD
  • RTM: TBD