|
|
(27 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
| ''Last Updated: 3 Nov 2016'' | | '''Mission''': Use modern cryptography to improve the security and privacy of Firefox |
| | |
| | Protect Firefox users on the Internet through up-to-date cryptographic protocols |
| | |
| | * Maintain the cryptography and transport security library that powers Firefox, [[NSS]] |
| | * Enforce the technical policies of the Mozilla [[CA|CA Certificate Program]] |
| | * Lead the adoption of cryptographic technologies to improve security throughout Firefox |
|
| |
|
| = Crypto Engineering Projects = | | = Crypto Engineering Projects = |
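Review bot: The first row of this hunk drops the ''Last Updated: 3 Nov 2016'' stamp and puts nothing dated in its place, so a reader of the new revision cannot tell how current the project list below is. Consider keeping a last-updated line above the '''Mission''' statement. The Mission line and the sentence after it ("Protect Firefox users on the Internet through up-to-date cryptographic protocols") also say nearly the same thing, so one could be folded into the other.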
Line 8: |
Line 14: |
| NSS is the cryptography and transport security library that powers Firefox. | | NSS is the cryptography and transport security library that powers Firefox. |
|
| |
|
| In 2016Q4 and 2017Q1 we're working on three aspects of NSS.
| |
|
| |
| === Improve Developer Ergonomics ===
| |
| NSS [http://www-archive.mozilla.org/projects/security/pki/nss/history.html dates back to Netscape Navigator], and much of the infrastructure for working inside the codebase dated back nearly that far, making an artificially-high barrier to entry for new community contributors.
| |
|
| |
| * 2016 Q4: [[NSS/Build_System|Change build systems to Gyp]] for dramatically faster builds, with an easier-to-maintain set of build scripts.
| |
| * 2016 Q4: Move reviews to Phabricator.
| |
| ** MozReview's lack of a security-restricted mode makes it unacceptable
| |
| * 2016 Q4: Semi-Automatic Branch Uplifts to Mozilla-Central, so that changes can be tested in Nightly.
| |
| * 2016 Q4: [[NSS/Demos|[MWOS] Add new NSS demonstration code]] to show how to use NSS in a modern way.
| |
|
| |
| === Cleanup ===
| |
| Many things in NSS are old without being a barrier to community contribution.
| |
|
| |
| * 2016 Q4: Support ARM and ARM64 testing in TaskCluster.
| |
| ** While NSS is security-critical on all our platforms, historically we only found out about breakage in ARM platforms after the fact, so we're now treating ARM and ARM64 as first-class testing environments.
| |
| * 2016 Q4: Support fuzzing the internal interfaces.
| |
| ** If you build security-critical code today, you plan to fuzz it from the start. NSS wasn't built that way, so it needs some adjustments to make it fuzzy on the inside.
| |
| * 2016 Q4: Port the AES-NI speedup Linux-x86 assembly code to NASM and cross-assemble it for Windows and OSX.
| |
|
| |
| === New Functions ===
| |
| We're thought leaders in producing a more secure Internet; our software needs to keep up with our ideas.
| |
|
| |
| * 2016 Q4: Support TLS v1.3.
| |
| ** This is a major revision to the transport security specification, and a large boon for protecting our users from adversaries and surveillance.
| |
| * 2016 Q4: [[NSS/BoGo_Tests|Integrate BoGo's integration tests into NSS builds]].
| |
| ** The automated tests for NSS are mostly unit tests. Integration testing was historically assumed to happen at Firefox, but that's limited. BoGo is a rich set of integration tests that can diagnose protocol issues during automated testing.
| |
| * 2016 Q4: [[NSS/ARGON2|[MWOS] Implement Argon2]] to provide a basis to modernize the Master Password in Firefox.
| |
| * 2017 Q1: Post-Quantum Research and Development.
| |
| ** Mozilla is intending to join the efforts in developing cryptography that will remain secure once quantum computers come online. This is expected to be a long-duration R&D effort.
| |
|
| |
|
| == PSM == | | == PSM == |
| PSM performs the business logic of deciding whether a given secure network connection is actually trustworthy. It applies logic from the user's choices, the Mozilla Root Program, and the platform in order to make a trust determination. E.g., whether to show a connection as secure. | | PSM performs the business logic of deciding whether a given secure network connection is actually trustworthy. It applies logic from the user's choices, the Mozilla Root Program, and the platform in order to make a trust determination. E.g., whether to show a connection as secure. |
|
| |
|
| * 2016 Q4 / 2017 Q1: Re-architect PSM/NSS interaction to eliminate shutdown crashes. | | * [[Security/CryptoEngineering/Intermediate Preloading|Intermediate Preloading]] |
| ** The interaction between PSM and NSS is extremely old, and doesn't follow the modern methods Gecko uses to initialize and shutdown modules. As such, NSS sometimes crashes when shutting down; this is a leading crash on Android. Fixing this is a substantial architectural change.
| | * [https://bugzilla.mozilla.org/show_bug.cgi?id=1464828 OS-supplied Data at Rest Protections] |
| ** Details here: [[Security/CryptoEngineering/Platform Use of NSS|Platform Use of NSS]]
| |
| | |
| * 2016 Q4 / 2017 Q1: Implement the [[Security/CryptoEngineering/SHA-1|SHA-1 Shutoff Plan]]. | |
| ** The WebPKI is halting use of SHA-1 for publicly-trusted certificates. PSM will be enforcing that halt starting in early 2017.
| |
|
| |
|
| == Web Authentication == | | == Web Authentication == |
| Password authentication is known to be a security liability on the Web. The [https://www.w3.org/TR/webauthn/ W3C Web Authentication Working Group is developing a specification] for using Scoped Credentials to supplement or replace passwords. Mozilla intends to implement Web Authentication (WebAuthn) specification.
| | See [[Security/Web Authentication]] |
| | |
| * 2016 Q2: FIDO U2F v1.1 JS API landed, hidden behind preferences.
| |
| ** You can test a "Soft Token" using any recent version of Firefox using the instructions at https://u2f.bin.coffee/
| |
| * 2016 Q4: Support USB HID U2F devices on Linux.
| |
| * 2016 Q4: Draft WebAuthn JS API available, hidden behind a pref, using the Soft Token from U2F.
| |
| * 2017 Q1: Support USB HID U2F devices on Windows / Mac OS X.
| |
| * 2017 Q1: Integrate USB HID U2F devices with the WebAuthn JS API.
| |
| * 2017 Q1-2: Update to the final implementation WebAuthn JS API.
| |
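Review bot: In the PSM section the two new bullets, Intermediate Preloading and OS-supplied Data at Rest Protections, are bare links with no explanatory sub-bullet, whereas the entries they replace each said what the work was and why; the second goes straight to a Bugzilla bug. Add a one-line description under each. The same rows remove the links to [[Security/CryptoEngineering/SHA-1|SHA-1 Shutoff Plan]] and [[Security/CryptoEngineering/Platform Use of NSS|Platform Use of NSS]] with no pointer left behind, and in the visible lines the NSS section is reduced to its one-sentence description. If those pages are still current, keep a short "see also" list so they stay reachable from here.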